CORS with PHP headers
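I have a simple PHP script that I am attempting a cross-domain CORS request with:

    <?php
    header("Access-Control-Allow-Origin: *");
    header("Access-Control-Allow-Headers: *");
    ...

But I still get the error:

Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers

Is there anything I'm missing?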
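Access-Control-Allow-Headers does not allow * as an accepted value, see the Mozilla documentation here.
Instead of the asterisk, you should send the accepted headers (first X-Requested-With, as the error says).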
Handling CORS requests properly is a bit more involved. Here is a function that will respond more fully (and properly).
    /**
     * An example CORS-compliant method. It will allow any GET, POST, or OPTIONS requests from any
     * origin.
     *
     * In a production environment, you probably want to be more restrictive, but this gives you
     * the general idea of what is involved. For the nitty-gritty low-down, read:
     *
     * - https://developer.mozilla.org/en/HTTP_access_control
     * - http://www.w3.org/TR/cors/
     *
     */
    function cors() {

        // Allow from any origin
        if (isset($_SERVER['HTTP_ORIGIN'])) {
            // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
            // you want to allow, and if so:
            header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
            header('Access-Control-Allow-Credentials: true');
            header('Access-Control-Max-Age: 86400');    // cache for 1 day
        }

        // Access-Control headers are received during OPTIONS requests
        if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

            if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
                // may also be using PUT, PATCH, HEAD etc
                header("Access-Control-Allow-Methods: GET, POST, OPTIONS");

            if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
                header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

            exit(0);
        }

        echo "You have CORS!";
    }
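I got the same error, and fixed it with the following PHP in my back-end script:

    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: GET, POST');
    header("Access-Control-Allow-Headers: X-Requested-With");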
I just managed to get dropzone and other plugins to work with this fix (AngularJS + PHP back end):
    header('Access-Control-Allow-Origin: *');
    header("Access-Control-Allow-Credentials: true");
    header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
    header('Access-Control-Max-Age: 1000');
    header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token , Authorization');
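Add this to your upload.php file, or wherever you send your request (for example, if you have upload.html and you need to attach the files to upload.php, then copy and paste these 4 lines). Also, if you are using CORS plugins/add-ons in Chrome/Mozilla, be sure to toggle them more than once so that CORS is enabled.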
Many descriptions on the internet don't mention that specifying Access-Control-Allow-Origin is not enough. Here is a complete example that works for me:
    <?php
    if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
        header('Access-Control-Allow-Origin: *');
        header('Access-Control-Allow-Methods: POST, GET, DELETE, PUT, PATCH, OPTIONS');
        header('Access-Control-Allow-Headers: token, Content-Type');
        header('Access-Control-Max-Age: 1728000');
        header('Content-Length: 0');
        header('Content-Type: text/plain');
        die();
    }

    header('Access-Control-Allow-Origin: *');
    header('Content-Type: application/json');

    $ret = [
        'result' => 'OK',
    ];
    print json_encode($ret);
If you want to create a CORS service from PHP, you can use this code as the first step in the file that handles the requests:
    // Allow from any origin
    if(isset($_SERVER["HTTP_ORIGIN"]))
    {
        // You can decide if the origin in $_SERVER['HTTP_ORIGIN'] is something you want to allow, or as we do here, just allow all
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    }
    else
    {
        //No HTTP_ORIGIN set, so we allow any. You can disallow if needed here
        header("Access-Control-Allow-Origin: *");
    }

    header("Access-Control-Allow-Credentials: true");
    header("Access-Control-Max-Age: 600");    // cache for 10 minutes

    if($_SERVER["REQUEST_METHOD"] == "OPTIONS")
    {
        if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]))
            header("Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT"); //Make sure you remove those you do not want to support

        if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"]))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

        //Just exit with 200 OK with the above headers for OPTIONS method
        exit(0);
    }
    //From here, handle the request as it is ok
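Both functions above leave "decide if the origin in $_SERVER['HTTP_ORIGIN'] is one you want to allow" as a comment. One way to make that decision with a fixed allowlist, as an added example that is not code from any of the answers; the origins, methods and header names are constructed placeholders, and corsHeaders() is a hypothetical helper:

```php
<?php
// Added example. Origins, methods and header names are constructed placeholders.
const ALLOWED_ORIGINS = ['https://app.example.com', 'https://admin.example.com'];
const ALLOWED_METHODS = ['GET', 'POST', 'OPTIONS'];
const ALLOWED_HEADERS = ['x-requested-with', 'content-type', 'authorization'];

// Compute the CORS response headers for one request. A refused request gets
// only "Vary: Origin", so the browser blocks the cross-origin read.
function corsHeaders(?string $origin, string $method, ?string $reqMethod, ?string $reqHeaders): array
{
    $refused = ['Vary' => 'Origin'];   // the response depends on Origin: tell caches
    // Exact string comparison; no substring or regex matching on the origin.
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
        return $refused;
    }
    $out = $refused + [
        'Access-Control-Allow-Origin' => $origin,   // "*" is not valid with credentials
        'Access-Control-Allow-Credentials' => 'true',
    ];
    if ($method !== 'OPTIONS' || $reqMethod === null) {
        return $out;                                // actual request, not a preflight
    }
    if (!in_array($reqMethod, ALLOWED_METHODS, true)) {
        return $refused;
    }
    // Check the requested header names against the fixed list instead of echoing them.
    $asked = array_filter(array_map('trim', explode(',', strtolower($reqHeaders ?? ''))));
    if (array_diff($asked, ALLOWED_HEADERS)) {
        return $refused;
    }
    return $out + [
        'Access-Control-Allow-Methods' => implode(', ', ALLOWED_METHODS),
        'Access-Control-Allow-Headers' => implode(', ', ALLOWED_HEADERS),
        'Access-Control-Max-Age' => '600',
    ];
}

$headers = corsHeaders(
    $_SERVER['HTTP_ORIGIN'] ?? null,
    $_SERVER['REQUEST_METHOD'] ?? 'GET',
    $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] ?? null,
    $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] ?? null
);
foreach ($headers as $name => $value) {
    header("$name: $value");
}
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
    exit(0);   // a preflight response carries no body
}
```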
CORS can become a headache if we do not correctly understand how it functions. I use them in PHP and they work without problems. Reference here
    header("Access-Control-Allow-Origin: *");
    header("Access-Control-Allow-Credentials: true");
    header("Access-Control-Max-Age: 1000");
    header("Access-Control-Allow-Headers: X-Requested-With, Content-Type, Origin, Cache-Control, Pragma, Authorization, Accept, Accept-Encoding");
    header("Access-Control-Allow-Methods: PUT, POST, GET, OPTIONS, DELETE");