add_header Access-Control-Allow-Origin  $http_origin;
add_header Access-Control-Allow-Headers "Cookie,Set-Cookie,token,x-requested-with,content-type,withcredentials";
add_header "Access-Control-Allow-Methods" "GET,POST,OPTIONS,DELETE,PUT";
add_header "Access-Control-Allow-Credentials" "true";

---

try setting the proxy for the interface

location /data {
    proxy_pass http://192.xxx.xx.xxx:3000;
}

< hr >

emmm, it seems that the answers are all php-related, so please ignore them. I use nginx as the server at the front end.

---

< H2 > ThinkPHP 5 should be able to be configured directly in the middleware without the hassle of going to Nginx. < / H2 >

I don't know what the mindset of those who step on it is.

---

read your supplement and found that your server did not return the header Access-Control-Allow-Origin . Nginx has not been matched for a long time. It is estimated that there is a problem with the configuration. You can do this implementation test in the program.

---

solution: add always at the end of the add_header statement.
details: nginx add_header Syntax: add_header name value [always]; . The optional always indicates that it is forced to be added no matter how much code is returned.
official document: http://nginx.org/en/docs/http.

---

look at $http_origin what is the value of this variable, this is very important, and cors generally does not need to be equipped in webserver, web framework has middleware and so on to solve.