简体   繁体   English

Apache / PHP和动态CORS

[英]Apache / PHP and dynamic CORS

I'm having a hard time to get around that CORS thing. 我很难解决CORS的问题。

I have a javascript sending AJAX Put/Fetch requests to Apache/PHP script. 我有一个JavaScript将AJAX放置/获取请求发送到Apache / PHP脚本。

In this case, for the example, the javascript is running on CodePen, and the Apache/PHP is on a local server. 在这种情况下,例如,javascript在CodePen上运行,而Apache / PHP在本地服务器上。

I'm checking the origin against a list of allowed hosts. 我正在对照允许的主机列表检查来源。

It should be possible to let PHP return headers like: 应该有可能让PHP返回标头,例如:

$headers = getallheaders();

if ( checkorigin($headers['Origin']) === false) $headers['Origin'] = null;

header('Access-Control-Allow-Origin: ' . $headers['Origin']);
header('Access-Control-Allow-Methods: PUT, POST');
header('Access-Control-Allow-Headers: content-type');
header('Access-Control-Allow-Credentials: true');

This doesn't work. 这行不通。

Hard coding https://s.codepen.io into the header does work. https://s.codepen.io硬编码到标头中确实有效。

Ideas anyone ? 有任何想法吗?

Solution

Changing from: 从:

header('Access-Control-Allow-Origin: ' . $headers['Origin']);

to: 至:

header('Access-Control-Allow-Origin: ' . "{$_SERVER['HTTP_ORIGIN']}");

did the trick. 做到了。 Thanks to Rohit.007 感谢Rohit.007

尝试

header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM