[英]Access Control Allow Origin with and without www
I built a php API with the following header:我用以下 header 构建了一个 php API:
header("Access-Control-Allow-Origin: https://my-domain.de");
With that, I can access the api only from https://my-domain.de
but not from https://www.my-domain.de
这样,我只能从
https://my-domain.de
访问 api,但不能从https://www.my-domain.de
I get:我得到:
Origin https://www.my-domain.de is not allowed by Access-Control-Allow-Origin.
[Error] XMLHttpRequest cannot load https://my-domain.de/checkin/api/generateUser.php due to access control checks.
How can I make this working for both: www and without www?我怎样才能使它同时适用于:www 和没有 www?
You can just add another line:您可以添加另一行:
header("Access-Control-Allow-Origin: https://my-domain.de");
header("Access-Control-Allow-Origin: https://www.my-domain.de");
PHP doesn't support wildcard headers, you either support all domains: PHP 不支持通配符标头,您要么支持所有域:
header("Access-Control-Allow-Origin: *");
Or specific as above或具体如上
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.