zhikaichen123 opened a new issue #5637: URL: https://github.com/apache/apisix/issues/5637
### Issue description https://github.com/apache/apisix/blob/2a32f13824c0cc8e359feedd23e537422af3b28c/docs/zh/latest/plugins/cors.md "plugins": { "cors": {} } 按照官方说法这样配置就可以有跨域效果,实则不然,这样浏览器调用还会有问题的,还是会有跨域异常。然后我看了其它帖子还要设置 Origin 什么的,这个也太难使用了! ### Environment - apisix version (cmd: `apisix version`): - OS (cmd: `uname -a`): - OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`): - etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API): - apisix-dashboard version, if have: - the plugin runner version, if the issue is about a plugin runner (cmd: depended on the kind of runner): - luarocks version, if the issue is about installation (cmd: `luarocks --version`): ### Steps to reproduce 这个是我的优化,跨域实际上经历了两次请求,OPTIONS 方法 + 具体的业务 method 在这个类 apisix\cli\ngx_tpl.lua 的 access_by_lua_block 模块加入以下代码: access_by_lua_block { -- 添加跨域cors配置 local cors = require('apisix.core.cors') local core = require("apisix.core") local get_method = ngx.req.get_method local method = get_method() -- core.log.error("method: ",method) -- local get_headers = ngx.req.get_headers -- local headers = get_headers() -- core.log.error("headers: ",core.json.encode(headers)) -- 表示跨域请求 -- 还需要结合 apisix\plugins\cors.lua 配置才可以到达真正跨域效果 if method == "OPTIONS" then -- 跨域处理 cors.allow_host('*') cors.allow_method('*') cors.allow_header('*') cors.max_age(7200) cors.allow_credentials(true) cors.run2() return core.response.exit(204, "") end apisix.http_access_phase() } 附近我的cors run 2方法 local re_match = ngx.re.match local _M = { _VERSION = '0.1.0'} local Origin = 'Origin' local AccessControlAllowOrigin = 'Access-Control-Allow-Origin' local AccessControlExposeHeaders = 'Access-Control-Expose-Headers' local AccessControlMaxAge = 'Access-Control-Max-Age' local AccessControlAllowCredentials = 'Access-Control-Allow-Credentials' local AccessControlAllowMethods = 'Access-Control-Allow-Methods' local AccessControlAllowHeaders = 'Access-Control-Allow-Headers' local mt = { __index = _M } local allow_hosts = {} local allow_headers = {} local allow_methods = {} local expose_headers = {} local max_age = 3600 local allow_credentials = true function _M.run2() ngx.header[AccessControlAllowOrigin] = "*" ngx.header[AccessControlMaxAge] = max_age ngx.header[AccessControlAllowMethods] = "*" ngx.header[AccessControlAllowHeaders] = "*" ngx.header["Cache-Control"] = "no-cache" if allow_credentials == true then ngx.header[AccessControlAllowCredentials] = "true" else ngx.header[AccessControlAllowCredentials] = "false" end end 注意:该配置还是需要结合官方的cors.lua "plugins": { "cors": {} } ### Actual result 最后附上实际运行效果图  ### Error log over ### Expected result _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
