访问控制允许原点多原域？ [英] Access-Control-Allow-Origin Multiple Origin Domains?

问题描述

有没有办法允许多个跨网域使用Access-Control-Allow-Origin标头？

Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?

我知道*，但它是太开放。

I'm aware of the *, but it is too open. I really want to allow just a couple domains.

例如，像这样：

Access-Control-Allow-Origin: http://domain1.com, http://domain2.com

我已经尝试了上面的代码，但它似乎不工作在Firefox。

I have tried the above code but it doesn't seem to work in Firefox.

可以指定多个域或am我坚持只有一个？

Is it possible to specify multiple domains or am I stuck with just one?

推荐答案

听起来像推荐的做法是让你的服务器读取Origin标题从客户端，将其与您希望允许的域列表进行比较，如果匹配，请将响应中的Access-Control-Allow-Origin标头回溯到客户端的Origin标头的值。

Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you'd like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.

使用 .htaccess ，您可以这样做：

# ----------------------------------------------------------------------
# Allow loading of external fonts
# ----------------------------------------------------------------------
<FilesMatch "\.(ttf|otf|eot|woff)$">
    <IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www\.)?(google.com|staging.google.com|development.google.com|otherdomain.net|dev02.otherdomain.net)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    </IfModule>
</FilesMatch>

这篇关于访问控制允许原点多原域？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！