.htaccess - 如何为每个域动态设置标头?
[英].htaccess - how to set headers dynamically per domain?
问题描述
I'm trying to get CORS functioning with multiple domains. 
我正在尝试让CORS在多个域中运行。
Header add Access-Control-Allow-Origin "http://localhost, http://multiplay.io"
However, it seems that most browsers only support one domain. 但是,似乎大多数浏览器仅支持一个域。 I've been told that the solution is to set the header per incoming domain. 我被告知解决方案是为每个传入域设置标头。
How do you do this using the .htaccess file? 你怎么用.htaccess文件做到这一点?
1 个解决方案
解决方案1
4 已采纳 2013-03-18 05:01:18
If it's only two values you wish to alternate between, you can use SetEnvIf to differentiate between the two. 如果您希望在它们之间交替使用两个值,则可以使用SetEnvIf来区分这两个值。
SetEnvIf Referer "^http://localhost/" is_localhost
Header add Access-Control-Allow-Origin http://localhost env=is_localhost
Header add Access-Control-Allow-Origin http://multiplay.io env!=is_localhost
There may be a more elegant solution, but something like the above (untested) directives should work. 可能有一个更优雅的解决方案,但上述(未经测试)的指令应该有效。
(Note that it is trivial to forge a Referer header, so be aware of the security implications of forged Referer headers when using Referer headers for pretty much anything.) (请注意,伪造Referer标头是微不足道的,因此在使用Referer标头时,请注意伪造的Referer标头的安全隐患。)
Additionally, if you just want to allow all hosts, you can specify * instead of listing multiple hostnames: 此外,如果您只想允许所有主机,则可以指定*而不是列出多个主机名:
Header add Access-Control-Allow-Origin *
But I assume you already knew that and don't want to be that permissive. 但我认为你已经知道了,并且不想那么宽容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.