能够在.htaccess CORS [英] enable cors in .htaccess

问题描述

我创建了一个基本的RESTful服务与SLIM PHP框架，现在我试图连线起来，这样我可以从Angular.js项目访问该服务。我已阅读，角支持CORS开箱和所有我需要做的是加入这一行：标题设置访问控制 - 允许 - 起源*我的。 htaccess文件。

I have created a basic RESTful service with the SLIM PHP framework and now I'm trying to wire it up so that I can access the service from an Angular.js project. I have read that Angular supports CORS out of the box and all I needed to do was add this line: Header set Access-Control-Allow-Origin "*" to my .htaccess file.

我这样做，我的REST应用仍然是工作（从坏的.htaccess没有500内部服务器错误），但是当我尝试从的 test-cors.org 它抛出一个错误。

I've done this and my REST application is still working (no 500 internal server error from a bad .htaccess) but when I try to test it from test-cors.org it is throwing an error.

Fired XHR event: loadstart
Fired XHR event: readystatechange
Fired XHR event: error

XHR status: 0
XHR status text: 
Fired XHR event: loadend

我的.htaccess文件看起来像这样

My .htaccess file looks like this

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ /index.php [QSA,L]
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"

有没有别的东西，我需要添加到我的.htaccess得到这个正常工作，或有另一种方式，以我的服务器上启用CORS？

Is there something else I need to add to my .htaccess to get this to work properly or is there another way to enable CORS on my server?

推荐答案

自从我拥有了一切被转发反正到index.php我想我会尝试的.htaccess文件中设置PHP中的标题，而不是和它的工作！好极了！这是我加什么的index.php其他任何人有这个问题。

Since I had everything being forwarded to index.php anyway I thought I would try setting the headers in PHP instead of the .htaccess file and it worked! YAY! Here's what I added to index.php for anyone else having this problem.

// Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }
    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");         

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

    }

归功于slashingweapon他的回答在这个问题

由于我使用的是修身我加入这条路线，使OPTIONS请求得到一个HTTP 200响应

Because I'm using Slim I added this route so that OPTIONS requests get a HTTP 200 response

// return HTTP 200 for HTTP OPTIONS requests
$app->map('/:x+', function($x) {
    http_response_code(200);
})->via('OPTIONS');

这篇关于能够在.htaccess CORS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！