php跨域可行否
如果跨域,可能连错误都不会输出给跨域的请求,在php代码里面的任何输出之前,临时可以设置如下:
header(sprintf("Access-Control-Allow-Origin: %s",$_SERVER['HTTP_ORIGIN']));
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE");
header('Access-Control-Allow-Headers:DNT,web-token,app-token,Authorization,Accept,Origin,Keep-Alive,User-Agent,X-Mx-ReqToken,X-Data-Type,X-Auth-Token,X-Requested-With,If-Modified-Since,Cache-Control,Content');
使用通配符允许所有跨域:header( 'Access-Control-Allow-Origin:' );
指定某个域:header( 'Access-Control-Allow-Origin:http://blog.yongit.com' );
//服务器端跨域设置 - HTTP_ORIGIN - SERVER_NAME
$origin = '';
if (isset($_SERVER['HTTP_ORIGIN'])){
$origin = $_SERVER['HTTP_ORIGIN'];
}else{
$this->returnAjax(-1,'','HTTP_ORIGIN Error');
}
$crossDomain = Kohana::$config->load('crossdomain')->as_array();
if(in_array($origin, $crossDomain['allowOrigin'])){
header('Access-Control-Allow-Origin:'.$origin);//多图专用跨域
//header('Access-Control-Allow-Methods:POST');
//header('Access-Control-Allow-Headers:x-requested-with,content-type');
}
header('Access-Control-Allow-Headers: X-Requested-With,X_Requested_With'); // more use ','
简而言之:
//bsykc20161111-如果测试环境放个header表示允许跨域不要用jsonp了
//parent::headers('Access-Control-Allow-Origin', '*');
//设置http://www.bbbb.com允许跨域访问
//header('Access-Control-Allow-Origin: http://www.bbbb.com');
//设置允许的跨域header
//header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
//header('Access-Control-Allow-Headers:'.$_GET['headercallback']);
//允许的header方法
//header('Access-Control-Allow-Methods:POST,GET,PUT,DELETE,OPTIONS');
// 允许异步ajax请求
//header('Access-Control-Allow-Headers: X-Requested-With,X_Requested_With');
//允许改变content-type
//header('Access-Control-Allow-Headers:x-requested-with,content-type');
//验证cookies等通过
//header("Access-Control-Allow-Credentials : true");