OPTIONSadd_header Access-Control-Allow-Methods 'POST,OPTIONS,GET';另外,你要看一下客户端请求有没有自定义请求头,如果自定义了请求头,还需要加一条:
add_header Access-Control-Allow-Headers "需要的请求头";如果你不需要客户端提交 cookie ,需要删除:
add_header 'Access-Control-Allow-Credentials' "true";实际的配置应该是:
add_header 'Access-Control-Max-Age' 60;
add_header 'Access-Control-Allow-Origin' "$http_origin";
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header "Access-Control-Allow-Headers" "Accept,User-Agent,X-Requested-With,Content-Type";