curl -H ‘Origin:https://www.baidu.com’ http://127.0.0.1:80
location /myProject/api/ {
set $allow_cors 0;
# 判断不为空
if ($http_origin) {
set $allow_cors 1;
}
# 判断不在白名单内
if ($http_origin !~* "(www.test.com|10.86.37.169)" ) {
set $allow_cors "${allow_cors}1";
}
# 判断不为空 且 不在白名单内,返回403
if ($allow_cors = "11") {
return 403;
}
add_header 'Access-Control-Allow-Origin' 'http://10.86.37.169:80' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
include proxy_params;
proxy_pass http://localhost:8081/;
access_log /tmp/httplogs/uat-mobileapi-access.log main;
error_log /tmp/httplogs/uat-mobileapi-error.log;
}