仅在这记录下,今天的事情。
问题出自于Nginx 设置http 强制跳转 https设置
1.上午,出于某些需求,我将服务器Nginx 设置http 强行跳转 https
server { listen 80; server_name www.server_name.com; rewrite ^(.*)$ https://$host$1 permanent; }
2.下午,业务代码没有修改的情况下出现:七牛云 上传图片 错误返回
{code: "403", input: "", message: "非法操作!"}
3.难道是七牛云服务器炸了? 但是返回结果是200 ok的情况,经过排除发现是服务器回调 信息由于原回调地址为http ,现在Nginx强制跳转至https 后出现的错误,
代码:
/**
* 创建七牛 上传token
* @return string
*/
public static function create(){
$expires=3600;//token 一小时过期
$policy = array(
'callbackUrl' => 'https://www.myserver.com/v1/callback/qiniu',
'callbackBody' => '{"uid":"'.Yii::$app->user->id.'","hash":"$(etag)","fsize":$(fsize),"bucket":"$(bucket)"}',
'callbackBodyType' => 'application/json',
// 'callbackBodyType' => 'application/x-www-form-urlencoded',
);
$auth = new Auth(self::$accessKey, self::$secretKey);
$upToken = $auth->uploadToken(self::$bucket, null, $expires, $policy, true);
return $upToken;
}
/**
* 验证回调信息是否来自七牛
* @return boolean
*/
public static function validateCallback(){
$auth = new Auth(self::$accessKey, self::$secretKey);
//获取回调的body信息
$callbackBody = file_get_contents('php://input');
//回调的contentType
$contentType = 'application/json';
//回调的签名信息,可以验证该回调是否来自七牛
$authorization = $_SERVER['HTTP_AUTHORIZATION'];
//七牛回调的url,具体可以参考:http://developer.qiniu.com/docs/v6/api/reference/security/put-policy.html
$url = 'https://www.myserver.com/v1/callback/qiniu';
$isQiniuCallback = $auth->verifyCallback($contentType, $authorization, $url, $callbackBody);
return $isQiniuCallback;
}
}
最后将回调地址的 http 改为https 后解决问题