From 1b5ce4f8f9c5d5411749e4cd48b7bad0ffe153a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=AD=99=E5=B0=8F=E4=BA=91?= <sunpengchina85@gmail.com>
Date: Sat, 28 Jun 2025 15:24:06 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E5=BA=A6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 nginxdashuju/vhosts/airport.conf | 34 ++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/nginxdashuju/vhosts/airport.conf b/nginxdashuju/vhosts/airport.conf
index 4f7a499..d806288 100644
--- a/nginxdashuju/vhosts/airport.conf
+++ b/nginxdashuju/vhosts/airport.conf
@@ -40,6 +40,40 @@
         }
 
         location /airport {
+
+            # 先清除后端返回的 CORS 相关头
+            proxy_hide_header Access-Control-Allow-Origin;
+            proxy_hide_header Access-Control-Allow-Credentials;
+            proxy_hide_header Access-Control-Allow-Headers;
+            proxy_hide_header Access-Control-Allow-Methods;
+            proxy_hide_header Access-Control-Max-Age;
+            proxy_hide_header Access-Control-Expose-Headers;
+
+            add_header 'Access-Control-Allow-Origin' "https://${BUSINESS_DOMAIN_FULL}" always;
+            add_header 'Access-Control-Allow-Credentials' 'true' always;
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With, client-id' always;
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+            add_header 'Access-Control-Max-Age' 1728000 always;
+            add_header 'Access-Control-Expose-Headers' 'Content-Type, Authorization, client-id' always;
+            add_header 'Vary' 'Origin' always;
+            add_header 'Content-Security-Policy' "frame-ancestors *" always;
+            add_header X-Frame-Options ALLOWALL always;
+
+            if ($request_method = 'OPTIONS') {
+                add_header 'Access-Control-Allow-Origin' "https://${BUSINESS_DOMAIN_FULL}" always;
+                add_header 'Access-Control-Allow-Credentials' 'true' always;
+                add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With, client-id' always;
+                add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
+                add_header 'Access-Control-Max-Age' 1728000 always;
+                add_header 'Access-Control-Expose-Headers' 'Content-Type, Authorization, client-id' always;
+                add_header 'Vary' 'Origin' always;
+                add_header 'Content-Security-Policy' "frame-ancestors *" always;
+                add_header X-Frame-Options ALLOWALL always;
+                add_header 'Content-Length' 0;
+                add_header 'Content-Type' 'text/plain; charset=utf-8';
+                return 204;
+            }
+
             proxy_pass http://gatewayService/airport;
             proxy_set_header Host $host;
             proxy_http_version 1.1;