跨域
add_header Access-Control-Allow-Origin $http_origin;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header Access-Control-Allow-Headers x-requested-with,lang,Origin,origin-
secret,referer,content-type,auth-token;
add_header Access-Control-Allow-Methods GET,POST,OPTIONS;Options缓存
add_header 'Access-Control-Max-Age' 86400;