在 .htaccess 中启用 cors [英] enable cors in .htaccess

问题描述

我已经使用 SLIM PHP 框架创建了一个基本的 RESTful 服务，现在我正在尝试将其连接起来，以便我可以从 Angular.js 项目访问该服务.我已经读到 Angular 开箱即用地支持 CORS，我需要做的就是添加这一行:Header set Access-Control-Allow-Origin "*" 到我的 .htaccess 文件.

I have created a basic RESTful service with the SLIM PHP framework and now I'm trying to wire it up so that I can access the service from an Angular.js project. I have read that Angular supports CORS out of the box and all I needed to do was add this line: Header set Access-Control-Allow-Origin "*" to my .htaccess file.

我已经这样做了，我的 REST 应用程序仍在工作(没有 500 内部服务器错误来自一个坏的 .htaccess)但是当我尝试从 test-cors.org 抛出一个错误.

I've done this and my REST application is still working (no 500 internal server error from a bad .htaccess) but when I try to test it from test-cors.org it is throwing an error.

Fired XHR event: loadstart
Fired XHR event: readystatechange
Fired XHR event: error

XHR status: 0
XHR status text: 
Fired XHR event: loadend

我的 .htaccess 文件看起来像这样

My .htaccess file looks like this

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ /index.php [QSA,L]
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"

我还需要向我的 .htaccess 添加其他内容才能使其正常工作，还是有其他方法可以在我的服务器上启用 CORS?

Is there something else I need to add to my .htaccess to get this to work properly or is there another way to enable CORS on my server?

推荐答案

因为我已经将所有内容都转发到 index.php，所以我想我会尝试在 PHP 中而不是 .htaccess 文件中设置标题，并且它起作用了！好极了！这是我为其他遇到此问题的人添加到 index.php 的内容.

Since I had everything being forwarded to index.php anyway I thought I would try setting the headers in PHP instead of the .htaccess file and it worked! YAY! Here's what I added to index.php for anyone else having this problem.

// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
    // should do a check here to match $_SERVER['HTTP_ORIGIN'] to a
    // whitelist of safe domains
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');    // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");         

    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

}

感谢 slashingweapon 对这个问题的回答

credit goes to slashingweapon for his answer on this question

因为我使用的是 Slim，所以我添加了这个路由，以便 OPTIONS 请求获得 HTTP 200 响应

Because I'm using Slim I added this route so that OPTIONS requests get a HTTP 200 response

// return HTTP 200 for HTTP OPTIONS requests
$app->map('/:x+', function($x) {
    http_response_code(200);
})->via('OPTIONS');

这篇关于在 .htaccess 中启用 cors的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！