为跨域ajax请求设置访问控制 [英] Setting up access-control for cross-domain ajax request

问题描述

我有三个子域，分别是 a.xyz.com、b.xyz.com、c.xyz.com. 现在，我有大约 20 个 ajax 请求要在 body onload 上进行a.xyz.com.

I have three sub-domains namely, a.xyz.com, b.xyz.com, c.xyz.com. Now, I have about 20 ajax request to be made on body onload of a.xyz.com.

因此，我想到了在上述三个域之间平均分配 20 个请求.我通过 b.xyz.com 和 c.xyz.com 的 .htaccess 中的这段代码片段进行了尝试.然而，从 a.xyz.com 到任何其他子域的请求仍然被转储.

So, I thought of distributing 20 requests equally among the three domains above. I tried it through this piece of snippet in .htaccess of b.xyz.com and c.xyz.com. However, the request from a.xyz.com to any other sub-domain is still getting dumped.

<IfModule mod_headers.c>
   <FilesMatch ".(php)$">
    Header set Access-Control-Allow-Origin: http://a.xyz.com,http://b.xyz.com,http://b.xyz.com
    Header set Access-Control-Allow-Methods : POST,GET,OPTIONS
</FilesMatch>
  </IfModule>

我已将上述 .htaccess 文件放在我的子域 b.xyz.com 和 c.xyz.com 中.

I have placed the above .htaccess file in my subdomains b.xyz.com and c.xyz.com.

那么，谁能预测我的方法有什么问题?

So, can anyone predict whats wrong in my approach ?

谢谢！

推荐答案

试试这个以允许所有 xyz.com 子域上的跨域:

Try this to allow cross domain on all xyz.com subdomains:

SetEnvIf Origin "http(s)?://(.+.)?(xyz.com)$" ORIGIN_DOMAIN=$0
<FilesMatch ".(php)$">
  <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin %{ORIGIN_DOMAIN}e env=ORIGIN_DOMAIN
    Header set Access-Control-Allow-Methods "POST,GET,OPTIONS"
  </IfModule>
</FilesMatch>

这篇关于为跨域ajax请求设置访问控制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！