生产环境需要 https 开头的设置
在 Django settings 全局设置里面增加把 HTTP 强制转换为 HTTPS 的代码
# Enforce HTTPS for the whole Django site (production settings).
# The redirect, HSTS and nosniff settings below are applied by
# django.middleware.security.SecurityMiddleware, so it must be enabled.

# Treat a request as secure when the reverse proxy sends
# "X-Forwarded-Proto: https". Only safe if the proxy always sets or strips
# this header itself; a client-supplied value that reaches Django would let a
# plain-HTTP request pass as secure.
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

# Redirect every plain-HTTP request to its HTTPS equivalent.
SECURE_SSL_REDIRECT = True

# Mark the CSRF and session cookies "Secure" so browsers send them over
# HTTPS only.
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True

# HSTS: browsers remember for one year that this site is HTTPS-only.
SECURE_HSTS_SECONDS = 365 * 24 * 60 * 60
# Extend the policy to every subdomain; each of them must already serve HTTPS.
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
# Add the "preload" directive so the domain can be submitted to browser
# preload lists. Removal from those lists is slow, so enable this only once
# HTTPS works on all subdomains.
SECURE_HSTS_PRELOAD = True

# Send "X-Content-Type-Options: nosniff" so browsers do not guess the
# content type of a response.
SECURE_CONTENT_TYPE_NOSNIFF = True
强制给全部媒体文件添加 CORS 响应头
# Serve files under /media/ directly from disk and attach CORS headers to
# every response. "^~" makes this prefix match win over regex locations.
# NOTE(review): nginx inherits add_header from the enclosing level only when
# the current level defines none, so security headers set at server level
# (HSTS, nosniff, ...) are presumably not applied here. Confirm, and repeat
# them in this block if they are needed for media responses.
location ^~ /media/ {
# With "root", the request path is appended: /media/x is read from
# /www/wwwroot/BackWeb/webxr/xiefanAdmin/media/x.
root /www/wwwroot/BackWeb/webxr/xiefanAdmin;
# Key point: "always" makes every response (cached, successful or failed) carry the CORS headers
# The allowed origin is pinned to a single site. Because credentials are
# allowed, it must stay an explicit origin: browsers reject "*" together with
# credentials, and echoing the request's Origin would expose the media to any site.
add_header 'Access-Control-Allow-Origin' 'https://www.codexr.cn' always;
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Expose-Headers' 'Content-Length, Content-Type' always;
# Handle preflight requests
# add_header lines inside this "if" replace the ones above for OPTIONS
# requests, which is why the CORS headers are repeated here.
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'https://www.codexr.cn' always;
add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
# NOTE(review): a 204 response has no body and, per the HTTP spec, should not
# carry Content-Length; this line can probably be dropped. Confirm with clients.
add_header 'Content-Length' 0;
return 204;
}
# Let browsers and caches keep media files for 30 days.
expires 30d;
access_log /www/wwwlogs/media_access.log; # confirms that requests reach this location
}
|