I am using
header("Access-Control-Allow-Origin: *");
in my php files to enable CORS for ajax request on cross sites. I have list of websites stored on my database. Now my problem is how could I enable CORS only for the websites stored on my database, and block ajax request from rest of the websites which are not listed in my database. Also I want to know about drawbacks and solution of enabling CORS for all websites for cross site ajax request.
for this you can check for the URL as
$incomingOrigin = $webURL;
$hotdat = array();
foreach ($hotelURL as $releted){ //$hotelURL is an array from your database
$addURL = $releted->url; // $releted->url the db field name for url
array_push($hotdat, $addURL);
}
if ($incomingOrigin !== null && isOriginAllowed($incomingOrigin, $hotdat)== TRUE)
{
header("Access-Control-Allow-Origin: $incomingOrigin");
}else{
echo ("CSRF protection in POST request: detected invalid Origin header: " . $incomingOrigin);
header("Access-Control-Allow-Origin: http://bookingpoints.com");
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.