仅在这记录下,今天的事情。
问题出自于Nginx 设置http 强制跳转 https设置
1.上午,出于某些需求,我将服务器Nginx 设置http 强行跳转 https
server { listen 80; server_name www.server_name.com; rewrite ^(.*)$ https://$host$1 permanent; }
2.下午,业务代码没有修改的情况下出现:七牛云 上传图片 错误返回
{code: "403", input: "", message: "非法操作!"}
3.难道是七牛云服务器炸了? 但是返回结果是200 ok的情况,经过排除发现是服务器回调 信息由于原回调地址为http ,现在Nginx强制跳转至https 后出现的错误,
代码:
/** * 创建七牛 上传token * @return string */ public static function create(){ $expires=3600;//token 一小时过期 $policy = array( 'callbackUrl' => 'https://www.myserver.com/v1/callback/qiniu', 'callbackBody' => '{"uid":"'.Yii::$app->user->id.'","hash":"$(etag)","fsize":$(fsize),"bucket":"$(bucket)"}', 'callbackBodyType' => 'application/json', // 'callbackBodyType' => 'application/x-www-form-urlencoded', ); $auth = new Auth(self::$accessKey, self::$secretKey); $upToken = $auth->uploadToken(self::$bucket, null, $expires, $policy, true); return $upToken; } /** * 验证回调信息是否来自七牛 * @return boolean */ public static function validateCallback(){ $auth = new Auth(self::$accessKey, self::$secretKey); //获取回调的body信息 $callbackBody = file_get_contents('php://input'); //回调的contentType $contentType = 'application/json'; //回调的签名信息,可以验证该回调是否来自七牛 $authorization = $_SERVER['HTTP_AUTHORIZATION']; //七牛回调的url,具体可以参考:http://developer.qiniu.com/docs/v6/api/reference/security/put-policy.html $url = 'https://www.myserver.com/v1/callback/qiniu'; $isQiniuCallback = $auth->verifyCallback($contentType, $authorization, $url, $callbackBody); return $isQiniuCallback; } }
最后将回调地址的 http 改为https 后解决问题