在.htaccess中启用cors

我已经使用SLIM PHP框架创build了一个基本的RESTful服务,现在我正在尝试将它连接起来,以便可以从Angular.js项目访问服务。 我已经读了Angular支持CORS的开箱即用,所有我需要做的就是添加这一行: Header set Access-Control-Allow-Origin "*"到我的.htaccess文件。

我做了这个,我的REST应用程序仍然在工作(没有500内部服务器错误从一个坏的.htaccess),但是当我尝试从test-cors.orgtesting它是抛出一个错误。

 Fired XHR event: loadstart Fired XHR event: readystatechange Fired XHR event: error XHR status: 0 XHR status text: Fired XHR event: loadend 

我的.htaccess文件看起来像这样

 RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ /index.php [QSA,L] Header set Access-Control-Allow-Origin "*" Header set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT" 

有什么我需要添加到我的.htaccess让这个工作正常或有另一种方式来启用我的服务器上的CORS?

因为我已经把所有东西都转发到了index.php,我想我会尝试在PHP中设置标题,而不是.htaccess文件,它的工作! 好极了! 这是我添加到index.php为其他人有这个问题。

 // Allow from any origin if (isset($_SERVER['HTTP_ORIGIN'])) { header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}"); header('Access-Control-Allow-Credentials: true'); header('Access-Control-Max-Age: 86400'); // cache for 1 day } // Access-Control headers are received during OPTIONS requests if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS"); if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}"); } 

信贷去削减他的答案在这个问题上的武器

因为我正在使用Slim,所以我添加了这个路由,以便OPTIONS请求得到一个HTTP 200响应

 // return HTTP 200 for HTTP OPTIONS requests $app->map('/:x+', function($x) { http_response_code(200); })->via('OPTIONS'); 

.htaccess使用add而不是set

 Header add Access-Control-Allow-Origin "*" Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT" 

这对我来说是有效的:

 Header add Access-Control-Allow-Origin "*" Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type" Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS" 

这看起来像你正在使用一个旧版本的苗条(2.x)。 您只需将以下几行添加到.htaccess中,而不需要在PHP脚本中执行任何操作。

 # Enable cross domain access control SetEnvIf Origin "^http(s)?://(.+\.)?(domain_one\.com|domain_two\.net)$" REQUEST_ORIGIN=$0 Header always set Access-Control-Allow-Origin %{REQUEST_ORIGIN}e env=REQUEST_ORIGIN Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE" Header always set Access-Control-Allow-Headers: Authorization # Force to request 200 for options RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule .* / [R=200,L] 

感谢德文,我想出了适用于我的SLIM应用程序的多域访问解决scheme。

在htaccess中:

 SetEnvIf Origin "http(s)?://(www\.)?(allowed.domain.one|allowed.domain.two)$" AccessControlAllowOrigin=$0$1 Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin Header set Access-Control-Allow-Credentials true 

在index.php

  // Access-Control headers are received during OPTIONS requests if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS"); if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}"); } // instead of mapping: $app->options('/(:x+)', function() use ($app) { //...return correct headers... $app->response->setStatus(200); }); 

我试过@abimelex解决scheme,但在Slim 3.0中,映射OPTIONS请求的方式如下所示:

 $app = new \Slim\App(); $app->options('/books/{id}', function ($request, $response, $args) { // Return response headers }); 

https://www.slimframework.com/docs/objects/router.html#options-route

正如在这个答案中,您可以使用<File>来为这个代码的单个文件启用CORS 的特定文件的自定义HTTP标题 :

 <Files "index.php"> Header set Access-Control-Allow-Origin "*" Header set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT" </Files>