nginx:仅在HTTP请求为选项时才需要基本身份验证选项
问题描述:
授权标头未使用HTTP OPTIONS请求发送。我希望只有在请求是OPTIONS时才禁用此认证,并将其保留为其他请求。这里是我现在有的配置代码片段。似乎无法看出它为什么不起作用。我总是在OPTIONS请求中获得401 Unauthorized Error。nginx:仅在HTTP请求为选项时才需要基本身份验证选项
location ~ /foo/bar
{
if ($request_method = OPTIONS) {
set $auth_basic "off";
}
if ($request_method != OPTIONS)
{
set $auth_basic "Resctricted";
set $auth_basic_user_file /var/www/.htpasswd;
}
auth_basic $auth_basic;
auth_basic_user_file $auth_basic_user_file;
}
答
处理这个最简单的方法是让nginx的处理OPTIONS
要求:
server {
listen 80;
server_name example.com;
root /var/www;
auth_basic "Resctricted";
auth_basic_user_file /var/www/.htpasswd;
location/{
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin "http://example.com";
add_header Access-Control-Allow-Methods "GET, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization";
add_header Access-Control-Allow-Credentials "true";
add_header Content-Length 0;
add_header Content-Type text/plain;
return 200;
}
}
}
这将使OPTIONS
获得,而不需要认证的响应:
[email protected] www $ curl -i -X OPTIONS http://example.com
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Jun 2017 00:09:52 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: http://example.com
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Credentials: true
Content-Length: 0
Content-Type: text/plain
[email protected] www $ curl -i http://example.com
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Sat, 17 Jun 2017 00:09:59 GMT
Content-Type: text/html
Content-Length: 188
Connection: keep-alive
WWW-Authenticate: Basic realm="Resctricted"
<html>
<head><title>401 Authorization Required</title></head>
<body bgcolor="white">
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx</center>
</body>
</html>
答
它看起来像是一个旧帖子,但找到了这个解决方案:
在“位置”中放入以下配置,并从服务器中删除任何auth_basic。这将工作
location/{
# Your node proxy configuration for example #
# Make options requests work #
limit_except OPTIONS {
auth_basic "Restricted access zone";
auth_basic_user_file /etc/nginx/pass/protected;
}
}
感谢您的回答。我在你的帮助下提出了这个问题。这不对吗?验证码必须在那里,因为这是唯一需要它的位置。我仍然得到401未经授权。 '位置〜/富/酒吧/ { 如果($ REQUEST_METHOD = OPTIONS){ ... 返回200; } auth_basic“Restricted”; auth_basic_user_file /var/www/.htpasswd; }' –