指定多个子站点使用访问控制原产地 [英] Specify Multiple Subdomains with Access Control Origin

问题描述

我想允许访问我的网站上每个子域，以允许跨子域AJAX调用。有没有一种方法来指定一个网站的所有子像 * example.com 或替代，为什么下面没有，当我有多个域名上市工作：

I am trying to allow access to every subdomain on my site in order to allow cross subdomain AJAX calls. Is there a way to specify all subdomains of a site like *.example.com or alternatively, why does the following not work when I have more than one domain listed:

header('Access-Control-Allow-Origin: http://api.example.com http://www.example.com');

我走过这似乎是相似的，如果不一样，这一次，除此之外，我希望获得子域的事实以下问题看，这一次指的是一般的域。

I have read through the following question which appears to be similar, if not the same as this one, other than the fact that I want access to subdomains and this one refers to general domains.

<一个href="http://stackoverflow.com/questions/1653308/access-control-allow-origin-multiple-origin-domains">Access-Control-Allow-Origin多地域？

如果上面的问题是解决这个问题的话，我怎么能够检索从标题的由来。看来，$ _ SERVER ['HTTP_ORIGIN']是非常不可靠的，甚至没有跨浏览器。我需要能够看到在任何浏览器的起源尝试使用JavaScript来发送一个AJAX调用时可能会显示一个错误。

If the above question is the solution to this problem, then how am I able to retrieve the origin from the header. It appears that $_SERVER['HTTP_ORIGIN'] is very unreliable and not even cross browser. I need to be able to see the origin in any browser that may show an error when trying to send an AJAX call using javascript.

推荐答案

解决这个问题的方法是使用$ _ SERVER ['HTTP_ORIGIN']变量来确定该请求是否已经从允许的域。它然后设置这样的：

The solution to this issue is to use the $_SERVER['HTTP_ORIGIN'] variable to determine whether the request has come from an allowed domain. It has then set this:

header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);

这篇关于指定多个子站点使用访问控制原产地的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！