From ece64e90f37b4d406773cf1c7e85eead63d043bd Mon Sep 17 00:00:00 2001
From: wanglei <34475144@qqcom>
Date: Wed, 12 Nov 2025 15:07:47 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=89=8D=E7=AB=AF=E8=AE=BF?=
 =?UTF-8?q?=E9=97=AE=E6=8E=A5=E5=8F=A3=E6=97=B6=E5=85=81=E8=AE=B8=E8=B7=A8?=
 =?UTF-8?q?=E7=AB=99=E8=AE=BF=E9=97=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 conf/nginx.conf | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 53d0545..e5e9c17 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -25,7 +25,7 @@ http {
     #lua_ssl_verify_depth 3;
 
     #在Nginx启动时执行的Lua代码块
-    #初始化用户角色权限相关的共享内存
+    #oauth2.0第三方验证后将code放到共享内存中
     lua_shared_dict codeDict 5m;
     #init_by_lua_block {
     #    -- 定义一个全局变量
@@ -53,12 +53,15 @@ http {
         set $APP_PATH '/home/frankly/work/AuthPlatform';
 
         #访问时允许跨域处理
-	    access_by_lua_block {
-            ngx.header["Access-Control-Allow-Origin"] = "*"
-            ngx.header["Access-Control-Allow-Methods"] = "GET, POST, DELETE, PUT"
-            ngx.header["Access-Control-Allow-Headers"] = "Content-Type, Authorization"
+        access_by_lua_block {
+            ngx.header["Access-Control-Allow-Origin"] = "*";
+            ngx.header["Access-Control-Allow-Methods"] = "GET, POST, DELETE, PUT";
+            ngx.header["Access-Control-Allow-Headers"] = "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
+            ngx.header["Access-Control-Max-Age"] = 1728000;
+            ngx.header["Access-Control-Expose-Headers"] = "Content-Length,Content-Range";
             if ngx.var.request_method == "OPTIONS" then
-                ngx.exit(ngx.HTTP_NOT_ALLOWED)
+                ngx.status = 204
+                ngx.exit(ngx.OK)
             end
         }