今天設定靜態資源伺服器時發現
Font from origin 'http://start.fbzl.org' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://lib.fbzl.org' is therefore not allowed access.
這裡我給靜態資源單獨設定了一個域名,其它頁面呼叫時發生了跨越許可權問題。
Nginx 解決辦法:
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Headers X-Requested-With;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
將這段程式碼新增到 http{} 或者靜態資源對應的 server{} 中
如果只為自己的網站使用可以將第一行程式碼的星號改為自己的域名,例如 *.fbzl.org
參考資料
http://www.w3.org/TR/cors/#access-control-allow-methods-response-header