// 制定允许其他域名访问
header("Access-Control-Allow-Origin:*");
// 响应类型
header('Access-Control-Allow-Methods:POST');
// 响应头设置
header('Access-Control-Allow-Headers:x-requested-with, content-type');
解决跨域的关键是设置 Access-Control-Allow-Origin。
例如:客户端的域名是 api.itbsl.com,而请求的域名是www.itbsl.com
如果直接使用ajax访问,会有以下错误:
XMLHttpRequest cannot load https://www.itbsl.com/server.php. No 'Access-Control-Allow-Origin' header is present on the requested resource.Origin 'https://api.itbsl.com' is therefore not allowed access.
1.允许单个域名访问
指定某域名(https://api.itbsl.com)跨域访问,则只需在https://www.itbsl.com/server.php文件头部添加如下代码:
header('Access-Control-Allow-Origin:https://api.itbsl.com');
2.允许多个域名访问
指定多个域名(https://api.itbsl.com、https://doc.itbsl.com等)跨域访问,则只需在https://www.itbsl.com/server.php文件头部添加如下代码:
$origin = isset($_SERVER['HTTP_ORIGIN']) $_SERVER['HTTP_ORIGIN'] : '';
$allow_origin = array(
'https://api.itbsl.com',
'https://doc.itbsl.com'
);
if(in_array($origin, $allow_origin)){
header('Access-Control-Allow-Origin:'.$origin);
}
3.允许所有域名访问
允许所有域名访问则只需在https://server.runoob.com/server.php文件头部添加如下代码:
header('Access-Control-Allow-Origin:*');