Linux+apache cross-domain configuration

#To understand cross-domain, you must first understand the same-origin policy. The Same Origin Policy is a very important security policy implemented on browsers for security reasons.

Related recommendations: [Linux video tutorial]

What is the same origin:

URL consists of protocol, domain name, port and path. If the protocol, domain name and port of two URLs are the same, it means that they have the same origin.

Same-origin policy:

The browser's same-origin policy restricts "documents" or scripts from different sources from reading or setting the current "document" certain properties.

Scripts loaded from one domain are not allowed to access document properties of another domain.

Edit apache configuration

Edit apache configuration file httpd.conf

Open extension

LoadModule headers_module modules/mod_headers.so

Add configuration

 AllowOverride None Header set Access-Control-Allow-Origin * //设置允许跨域域名 Header set Access-Control-Allow-Methods * //响应标头指定响应访问所述资源到时允许的一种或多种方法预检请求 Header set Access-Control-Allow-Headers content-type,authorization //响应报头在响应用于一个预检请求指示哪个HTTP标头将通过提供Access-Control-Expose-Headers使实际的请求时。 Header set Access-Control-Max-Age '1728000'//响应 header 指示多长时间的结果预检请求（即包含在所述信息Access-Control-Allow-Methods和Access-Control-Allow-Headers的 headers ）可以被缓存。 Header set Content-Security-Policy upgrade-insecure-requests 

You can understand the http protocol by yourself for detailed configuration

Restart apapche

service httpd restart

The above is the detailed content of Linux+apache cross-domain configuration. For more information, please follow other related articles on the PHP Chinese website!