NGINX php7.0 sendet Körper nicht bei Fehlercodes von CORS-Anfragen

Question

Kämpfen mit einem seltsamen Problem. Ich habe nginx Setup und liefern Seiten mit PHP7 mit fpm ohne Problem. Wenn jedoch angular eine CORS-Anfrage ausführt, die zu einem 4xx- oder 5xx-Antwortcode führt, werden weder die CORS-Header gesendet, noch ein Body/Content.

server { 
    listen 80 default_server; 
    listen [::]:80 default_server ipv6only=on; 

    root /var/www/api/current/public; 
    index index.php index.html index.htm; 

    # Make site accessible from http://localhost/ 
    server_name xxx.xxx.xxx.xxx api.mydomain.com; 

    location/{ 
     # First attempt to serve request as file, then 
     try_files $uri $uri/ /api.php?$query_string; 
    } 

    client_max_body_size 100m; 

    proxy_intercept_errors off; 

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 
    location ~ \.php$ { 
     #try_files $uri /api.php?query_string =404; 
     fastcgi_split_path_info ^(.+\.php)(/.+)$; 
     fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; 
     fastcgi_index index.php; 
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
     fastcgi_buffer_size 16k; 
     fastcgi_buffers 4 16k; 
     fastcgi_intercept_errors off; 
     include fastcgi_params; 


     if ($request_method = POST) { 
      add_header 'Access-Control-Allow-Origin' "$http_origin"; 
      add_header 'Access-Control-Allow-Credentials' 'true'; 
      add_header 'Access-Control-Expose-Headers' "X-AuthToken"; 
      add_header 'Access-Control-Expose-Headers' "X-TemporaryPassword"; 

     } 

     if ($request_method = GET) { 
      add_header 'Access-Control-Allow-Origin' "$http_origin"; 
      add_header 'Access-Control-Allow-Credentials' 'true'; 
      add_header 'Access-Control-Expose-Headers' "X-AuthToken"; 
     } 

     if ($request_method = QUERY) { 
      add_header 'Access-Control-Allow-Origin' "$http_origin"; 
      add_header 'Access-Control-Allow-Credentials' 'true'; 
      add_header 'Access-Control-Expose-Headers' "X-AuthToken"; 
     } 

     if ($request_method = DELETE) { 
      add_header 'Access-Control-Allow-Origin' "$http_origin"; 
      add_header 'Access-Control-Allow-Credentials' 'true'; 
      add_header 'Access-Control-Expose-Headers' "X-AuthToken"; 
     } 

     if ($request_method = PATCH) { 
      add_header 'Access-Control-Allow-Origin' "$http_origin"; 
      add_header 'Access-Control-Allow-Credentials' 'true'; 
      add_header 'Access-Control-Expose-Headers' "X-AuthToken"; 
     } 

     if ($request_method = OPTIONS) { 
      add_header 'Access-Control-Allow-Origin' "$http_origin"; 
      add_header 'Access-Control-Allow-Credentials' 'true'; 

      add_header 'Access-Control-Max-Age' 1728000; # cache preflight value for 20 days 
      add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, QUERY, PATCH'; 
      add_header 'Access-Control-Allow-Headers' 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-AuthToken'; 

      add_header 'Content-Length' 0; 
      add_header 'Content-Type' 'text/plain charset=UTF-8'; 
      return 204; 
     } 

    } 

} 

Answer 1

nginx scheint keine benutzerdefinierten Header auf HTTP-Fehlercodes zu senden. Mein nginx wurde auf 1.8.x aktualisiert, so dass ich das dritte Flag auf add_header verwenden kann: always.

add_header 'Access-Control-Allow-Origin' "$http_origin" always; 

Das war der Trick.