http

2018-06-16 19:24:53

Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?

I'm aware of the *, but it is too open. I really want to allow just a couple domains.

As an example, something like this:

Access-Control-Allow-Origin: http://domain1.com, http://domain2.com

I have tried the above code but it doesn't seem to work in Firefox.

Is it possible to specify multiple domains or am I stuck with just one?

Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you'd like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.

With .htaccess you can do it like this:

# ----------------------------------------------------------------------
# Allow loading of external fonts
# ----------------------------------------------------------------------
<FilesMatch ".(ttf|otf|eot|woff)$">
    <IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www.)?(google.com|staging.google.com|development.google.com|otherdomain.net|dev02.otherdomain.net)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    </IfModule>
</FilesMatch>

我在PHP中使用的另一个解决方案：

$http_origin = $_SERVER['HTTP_ORIGIN'];

if ($http_origin == "http://www.domain1.com" || $http_origin == "http://www.domain2.com" || $http_origin == "http://www.domain3.info")
{  
    header("Access-Control-Allow-Origin: $http_origin");
}

This worked for me:

SetEnvIf Origin "^http(s)?://(.+.)?(domain.org|domain2.com)$" origin_is=$0 
Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is

put in .htaccess

it will work for sure.

Cheers!!

链接地址: http://www.djcxy.com/p/47554.html

上一篇: 在AngularJS中设置JSONP回调函数

下一篇: HTTP