在CORS中使用正则表达式 [英] Using a regular expression with CORS
问题描述
我正在尝试对cors使用正则表达式.我已经读过很多遍了,因为cors是所有(*)或确切的域,这是不可能的. Access-Control-Allow-Origin通配符子域,端口和协议.但是,这似乎是矛盾的: http ://www.cameronstokes.com/2010/12/26/cross-origin-resource-sharing-and-apache-httpd/.有人可以澄清一下,如果可以使用正则表达式,请提供一个简单的示例,因为我尝试实现上面的链接,但没有成功.
I am trying to use a regular expression with cors. I have read many times that this is not possible that cors is all (*) or exact domains. Access-Control-Allow-Origin wildcard subdomains, ports and protocols . However this seems to contradict :http://www.cameronstokes.com/2010/12/26/cross-origin-resource-sharing-and-apache-httpd/. Could somebody clarify and if using a regular expression is possible provide a simple example as I have tried to implement the link above but with no success.
希望使用的正则表达式为
The regular expression is wish to use is
^http\://\blocal-.*\b\.testing-test:10005$
我已经检查了我的正则表达式,它与生成的URL匹配. 我已经按照如下建议将SetEnvIF和Header设置行添加到我的apache2.conf中(这是正确的吗?),如下所示:
I have checked my regex and it matches the generated URLs. I have added SetEnvIF and Header set lines as suggested to my apache2.conf (is this correct?) as follows
SetEnvIf Origin "^http\://\blocal-.*\b\.mycompany-it:10005$"
AccessControlAllowOrigin=$0 Header add Access-Control-Allow-Origin %
{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
我不知道下一步该怎么办,它不起作用 预先感谢
I am lost as to what to do next.It doesn't work Thanks in advance
推荐答案
Access-Control-Allow-Origin标头只能是通配符'*'或确切的URL.一种方法是首先从请求中获取Origin头的值(这随服务器而异,但是一个示例可能看起来像:request.headers['Origin']).
Access-Control-Allow-Origin Headers can only be a wildcard '*' or an exact url. One way to do this is to first get the value of the Origin header from the request (this varies from server to server, but one sample might look like: request.headers['Origin']).
然后使用请求Origin的值进行正则表达式检查.如果请求的原点通过了带有允许的正则表达式的检查,那么您可以简单地将Access-Control-Allow-Origin的值设置为请求的原点的值(示例:response.headers['Access-Control-Allow-Origin'] = request.headers['Origin']).这样,您就不会违反访问控制是严格URL的规则,而且还允许服务器接受多个不同的允许来源.
Then do a regex check with the value of the request Origin. If the request's origin passes the check with the allowed regex expression, then you can simply set the value of Access-Control-Allow-Origin to the value of the request's Origin (sample: response.headers['Access-Control-Allow-Origin'] = request.headers['Origin']). In this way, you aren't violating the rule of the access control being a strict url, but also allowing the server to accept multiple different allowed origins.
这篇关于在CORS中使用正则表达式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
