php跨域可行否


如果跨域,可能连错误都不会输出给跨域的请求,临时可以设置如下:

header(sprintf("Access-Control-Allow-Origin: %s",$_SERVER['HTTP_ORIGIN']));
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
header('Access-Control-Allow-Headers:DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content');

使用通配符允许所有跨域:header( 'Access-Control-Allow-Origin:' );

指定某个域:header( 'Access-Control-Allow-Origin:http://blog.yongit.com' );

//服务器端跨域设置 - HTTP_ORIGIN - SERVER_NAME
$origin = '';
if (isset($_SERVER['HTTP_ORIGIN'])){
    $origin = $_SERVER['HTTP_ORIGIN'];
}else{
    $this->returnAjax(-1,'','HTTP_ORIGIN Error');
}

$crossDomain = Kohana::$config->load('crossdomain')->as_array();

if(in_array($origin, $crossDomain['allowOrigin'])){
    header('Access-Control-Allow-Origin:'.$origin);//多图专用跨域
    //header('Access-Control-Allow-Methods:POST');
    //header('Access-Control-Allow-Headers:x-requested-with,content-type');
}

header('Access-Control-Allow-Headers: X-Requested-With,X_Requested_With'); // more use ','

简而言之:

//bsykc20161111-如果测试环境放个header表示允许跨域不要用jsonp了
//parent::headers('Access-Control-Allow-Origin', '*');

//设置http://www.bbbb.com允许跨域访问
//header('Access-Control-Allow-Origin: http://www.bbbb.com');

//设置允许的跨域header
//header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
//header('Access-Control-Allow-Headers:'.$_GET['headercallback']);

//允许的header方法
//header('Access-Control-Allow-Methods:POST,GET,PUT,DELETE,OPTIONS'); 

// 允许异步ajax请求
//header('Access-Control-Allow-Headers: X-Requested-With,X_Requested_With');
 
//允许改变content-type
//header('Access-Control-Allow-Headers:x-requested-with,content-type');

//验证cookies等通过
//header("Access-Control-Allow-Credentials : true");

版权声明,转载请附上原文链接及本声明: https://blog.yongit.com/note/117660.html