Apache为白名单路由配置CORS标头 [英] Apache Configure CORS Headers for Whitelist Routes

问题描述

我正在尝试允许对"/api/whateverEndpoint"的调用，同时保持对所有其他调用的CORS严格.

I'm trying to allow calls made to "/api/whateverEndpoint", while keeping CORS strict for all other calls.

我已经看到此链接使用Apache列入白名单的CORS ，它提供了起源解决方案过滤:

I've come across this link Whitelisted CORS using Apache which gives the solution for origin filtering:

# e.g. origin = https://host-b.local
SetEnvIfNoCase Origin "https://host-b.local" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin

但是我需要对此进行调整以根据请求uri进行过滤.

But i need to adapt this to filter based on the request uri.

任何想法都将受到赞赏

推荐答案

因此，您只需要根据与 Request_URI 的匹配项来设置变量，然后使用该变量即可；像这样:

So you just need to set a variable based on a match against Request_URI, then use that; like this:

SetEnvIf Request_URI "^/api/whateverEndpoint" IsAllowedEndpoint
Header set Access-Control-Allow-Origin "*" env=IsAllowedEndpoint

这篇关于Apache为白名单路由配置CORS标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！