Access-Control-Allow-Origin 多源域? [英] Access-Control-Allow-Origin Multiple Origin Domains?

查看:38
本文介绍了Access-Control-Allow-Origin 多源域?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

有没有办法使用 Access-Control-Allow-Origin 标头允许多个跨域?

Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?

我知道*,但它太开放了.我真的想只允许几个域.

I'm aware of the *, but it is too open. I really want to allow just a couple domains.

举个例子,像这样:

Access-Control-Allow-Origin: http://domain1.example, http://domain2.example

我已经尝试了上面的代码,但它在 Firefox 中似乎不起作用.

I have tried the above code but it does not seem to work in Firefox.

是否可以指定多个域,还是只能使用一个域?

Is it possible to specify multiple domains or am I stuck with just one?

推荐答案

听起来推荐的方法是让您的服务器从客户端读取 Origin 标头,将其与您希望允许的域列表进行比较,如果匹配,则将 Origin 标头的值作为响应中的 Access-Control-Allow-Origin 标头回传回客户端.

Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you would like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.

使用 .htaccess 你可以这样做:

With .htaccess you can do it like this:

# ----------------------------------------------------------------------
# Allow loading of external fonts
# ----------------------------------------------------------------------
<FilesMatch ".(ttf|otf|eot|woff|woff2)$">
    <IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www.)?(google.com|staging.google.com|development.google.com|otherdomain.example|dev02.otherdomain.example)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header merge Vary Origin
    </IfModule>
</FilesMatch>

这篇关于Access-Control-Allow-Origin 多源域?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆