miaoyb opened a new issue #3757: URL: https://github.com/apache/apisix/issues/3757
### Issue description cors插件和redirect插件组合跨域访问有问题 ### Environment 环境说明:前后端分离项目 前端环境中配置访问后端的方式为http://xxx.abc.com,是http协议,不是https协议 * apisix version (cmd: `apisix version`):v2.3 dashboard v2.4 * OS (cmd: `uname -a`): * OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): * etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API): * apisix-dashboard version, if have: ### Minimal test code / Steps to reproduce the issue 1. 开启全局cors 2.前后端域名均通过redirect开启http to https 3.前端页面访问后端接口的时候提示:Referrer Policy: strict-origin-when-cross-origin,此为https协议降级访问http协议时的提示。strict-origin-when-cross-origin 对于同源的请求,会发送完整的URL作为引用地址;在同等安全级别的情况下,发送文件的源作为引用地址(HTTPS->HTTPS);在降级的情况下不发送此首部 (HTTPS->HTTP)。 4.通过修改前端访问后端的http协议为https协议可以解决此问题,但是redirect插件中定义了http to https,这个不会检测出来自动进行修改为https么 ### What's the actual result? (including assertion message & call stack if applicable) ### What's the expected result? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
