问题描述
我想允许访问我的网站上每个子域,以允许跨子域AJAX调用。有没有一种方法来指定一个网站的所有子像 * example.com
或替代,为什么下面没有,当我有多个域名上市工作:
I am trying to allow access to every subdomain on my site in order to allow cross subdomain AJAX calls. Is there a way to specify all subdomains of a site like *.example.com
or alternatively, why does the following not work when I have more than one domain listed:
header('Access-Control-Allow-Origin: http://api.example.com http://www.example.com');
我走过这似乎是相似的,如果不一样,这一次,除此之外,我希望获得子域的事实以下问题看,这一次指的是一般的域。
I have read through the following question which appears to be similar, if not the same as this one, other than the fact that I want access to subdomains and this one refers to general domains.
Access-Control-Allow-Origin多地域?
如果上面的问题是解决这个问题的话,我怎么能够检索从标题的由来。看来,$ _ SERVER ['HTTP_ORIGIN']是非常不可靠的,甚至没有跨浏览器。我需要能够看到在任何浏览器的起源尝试使用JavaScript来发送一个AJAX调用时可能会显示一个错误。
If the above question is the solution to this problem, then how am I able to retrieve the origin from the header. It appears that $_SERVER['HTTP_ORIGIN'] is very unreliable and not even cross browser. I need to be able to see the origin in any browser that may show an error when trying to send an AJAX call using javascript.
推荐答案
解决这个问题的方法是使用$ _ SERVER ['HTTP_ORIGIN']变量来确定该请求是否已经从允许的域。它然后设置这样的:
The solution to this issue is to use the $_SERVER['HTTP_ORIGIN'] variable to determine whether the request has come from an allowed domain. It has then set this:
header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
这篇关于指定多个子站点使用访问控制原产地的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!