From 767083ae2f50576751e5c9f75b4dd5d1a43acee3 Mon Sep 17 00:00:00 2001 From: Hongyu Shi Date: Mon, 15 Sep 2025 14:23:43 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E6=9B=B4=E6=96=B0=20nginx=20=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E4=BB=A5=E6=94=AF=E6=8C=81=E8=B7=A8=E5=9F=9F=E8=AF=B7?= =?UTF-8?q?=E6=B1=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Hongyu Shi --- build/linux/nginx.conf.local.tmpl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/build/linux/nginx.conf.local.tmpl b/build/linux/nginx.conf.local.tmpl index b10a8d2c..d8c50ca2 100644 --- a/build/linux/nginx.conf.local.tmpl +++ b/build/linux/nginx.conf.local.tmpl @@ -6,12 +6,16 @@ server { client_body_buffer_size 5120M; client_max_body_size 5120M; + add_header 'Access-Control-Allow-Origin' '*'; # 允许所有源 + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE'; # 允许的HTTP方法 + add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization'; # 允许的请求头 + add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Range'; # 允许前端访问的响应头 add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "no-referrer"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; always"; add_header Cache-Control "no-cache"; - add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: base64;"; + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data: base64;"; resolver 8.8.8.8 8.8.4.4 valid=60s; resolver_timeout 5s; -- Gitee