由于业务需要,需要在服务端响应中添加响应头
刚开始我在server段里面添加header
server {
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security max-age=86400;
add_header Content-Security-Policy "upgrade-insecure-requests;";
}
重启无法生效。
后面发现需要写入到最深层的匹配规则,我在location匹配php的段中有一行代码
location ~ \.php$ {
add_header Access-Control-Allow-Origin *;
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
重新修改把header添加到这一段
location ~ \.php$ {
add_header Access-Control-Allow-Origin *;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security max-age=86400;
add_header Content-Security-Policy "upgrade-insecure-requests;";
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
成功。。