enabling CORS for set of websites
Question
I am using
header("Access-Control-Allow-Origin: *");
in my php files to enable CORS for ajax request on cross sites. I have list of websites stored on my database. Now my problem is how could I enable CORS only for the websites stored on my database, and block ajax request from rest of the websites which are not listed in my database. Also I want to know about drawbacks and solution of enabling CORS for all websites for cross site ajax request.
1 answers
solution1
1 ACCPTED
for this you can check for the URL as
$incomingOrigin = $webURL;
$hotdat = array();
foreach ($hotelURL as $releted){ //$hotelURL is an array from your database
$addURL = $releted->url; // $releted->url the db field name for url
array_push($hotdat, $addURL);
}
if ($incomingOrigin !== null && isOriginAllowed($incomingOrigin, $hotdat)== TRUE)
{
header("Access-Control-Allow-Origin: $incomingOrigin");
}else{
echo ("CSRF protection in POST request: detected invalid Origin header: " . $incomingOrigin);
header("Access-Control-Allow-Origin: http://bookingpoints.com");
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Security risks with enabling CORS
Enabling CORS in CakePHP app
enabling cors in codeigniter ( restserver by @chriskacerguis )
HTTP OPTIONS request on Azure Websites fails due to CORS
CORS headers not set on PHP
Enabling CORS on Google App Engine Flexible environment PHP (Laravel)
How to set redirects to many websites in apache with htaccess?
How to set a php session cookie to all websites?
Symfony 3 Nelmio cors set allow origin properly
CORS Ajax Request: Set-Cookie failing
Related Tags