Apache / PHP and dynamic CORS
Question
I'm having a hard time to get around that CORS thing.
I have a javascript sending AJAX Put/Fetch requests to Apache/PHP script.
In this case, for the example, the javascript is running on CodePen, and the Apache/PHP is on a local server.
I'm checking the origin against a list of allowed hosts.
It should be possible to let PHP return headers like:
$headers = getallheaders();
if ( checkorigin($headers['Origin']) === false) $headers['Origin'] = null;
header('Access-Control-Allow-Origin: ' . $headers['Origin']);
header('Access-Control-Allow-Methods: PUT, POST');
header('Access-Control-Allow-Headers: content-type');
header('Access-Control-Allow-Credentials: true');
This doesn't work.
Hard coding https://s.codepen.io into the header does work.
Ideas anyone ?
Solution
Changing from:
header('Access-Control-Allow-Origin: ' . $headers['Origin']);
to:
header('Access-Control-Allow-Origin: ' . "{$_SERVER['HTTP_ORIGIN']}");
did the trick. Thanks to Rohit.007
1 answers
solution1
1 ACCPTED 2018-07-21 10:09:39
尝试
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.