update pay ui

nginx-110.42.32.207.conf

@@ -62,7 +62,7 @@ server {
     # ============================================
     # CORS 配置（允许 CDN 域名访问）
     # ============================================
-    set $cors_origin '*';
+    set $cors_origin 'https://valuefrontier.cn';
 
     # 如果需要限制来源，取消下面注释
     # set $cors_origin '';
@@ -78,13 +78,20 @@ server {
         if ($request_method = 'OPTIONS') {
             add_header 'Access-Control-Allow-Origin' $cors_origin always;
             add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
-            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With' always;
+            add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept, Authorization, X-Requested-With, Cookie' always;
             add_header 'Access-Control-Allow-Credentials' 'true' always;
             add_header 'Access-Control-Max-Age' 86400;
             add_header 'Content-Length' 0;
             return 204;
         }
 
+        # 隐藏后端返回的 CORS 头（避免重复）
+        proxy_hide_header 'Access-Control-Allow-Origin';
+        proxy_hide_header 'Access-Control-Allow-Credentials';
+        proxy_hide_header 'Access-Control-Allow-Methods';
+        proxy_hide_header 'Access-Control-Allow-Headers';
+        proxy_hide_header 'Access-Control-Expose-Headers';
+
         proxy_pass http://127.0.0.1:5001;
         proxy_http_version 1.1;
         proxy_set_header Host $host;
@@ -93,7 +100,7 @@ server {
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Connection "";
 
-        # CORS 头
+        # 统一添加 CORS 头
         add_header 'Access-Control-Allow-Origin' $cors_origin always;
         add_header 'Access-Control-Allow-Credentials' 'true' always;