访问控制 - 允许 - 产地多地域？ [英] Access-Control-Allow-Origin Multiple Origin Domains?

问题描述

有没有一种方法，让多个交叉领域使用访问控制 - 允许 - 产地标头？

Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?

我知道了*，但它太开放了。我真想让只是一对夫妇域。

I'm aware of the *, but it is too open. I really want to allow just a couple domains.

作为一个例子，是这样的：

As an example, something like this:

Access-Control-Allow-Origin: http://domain1.com, http://domain2.com

我已经试过了上述code，但它似乎并没有在Firefox工作。

I have tried the above code but it doesn't seem to work in Firefox.

是否可以指定多个域还是我坚持只用一个？

Is it possible to specify multiple domains or am I stuck with just one?

推荐答案

听起来就像是推荐的方式来做到这一点是让你的服务器从客户端读取的起源头，比较，为域名的列表，你想允许，并且如果匹配，呼应了原点头的值返回给客户端的访问控制 - 允许 - 产地的响应头。

Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you'd like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.

这篇关于访问控制 - 允许 - 产地多地域？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！