nginx: cross-origin (CORS) and XSS

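location /daping/ {
        # CORS response headers
        add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
        add_header Access-Control-Allow-Origin *;
        # add_header takes the bare header name, with no trailing colon.
        # Browsers reject credentialed responses when Allow-Origin is "*".
        add_header Access-Control-Allow-Credentials true;

        # Legacy XSS filter header; modern browsers ignore it.
        add_header X-Xss-Protection "1; mode=block";

        alias    /data/screen/html/;

        # Stop browsers from MIME-sniffing the response content type.
        add_header X-Content-Type-Options nosniff;

        # add_header Content-Security-Policy "default-src 'self'";
        # index  index.html index.htm;
}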

Using X-XSS-Protection in HTTP response headers

https://blog.csdn.net/u012280685/article/details/119455247

Web security defense summary, part 1: response headers (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection)

https://blog.csdn.net/jiongxian1/article/details/100619810

Configuring an Nginx server to handle cross-origin AJAX requests

https://www.cnblogs.com/zzw1986/p/5906600.html

Cross-origin problems persist after configuring add_header 'Access-Control-Allow-Origin' '*' in nginx

https://blog.csdn.net/xiojing825/article/details/83383524

Cross-origin problems

https://www.cnblogs.com/zenghui940/p/4738809.html

Original article: https://www.cnblogs.com/tonggc1668/p/15794146.html