CORS 在 PHP 中不起作用
尝试从 www.siteone.com 向 www.sitetwo 发送包含表单数据的 POST 请求时。使用 CORS 访问 com 时,遇到以下错误:
XMLHttpRequest cannot load http://www.sitetwo.com/cors.php. Origin http://www.siteone.com is not allowed by Access-Control-Allow-Origin.
尽管在 www.sitetwo.com 上的 cors.php 中配置了 CORS 标头:
<code class="php">header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');</code>请求仍然失败,因为头配置的不正确实现。解决此问题的更新代码是:
<code class="php">// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
exit(0);
}
echo "You have CORS!";</code>此修订后的代码响应 OPTIONS 请求期间收到的访问控制标头,并允许来自任何来源的请求,从而允许 CORS 正常运行。
以上是尽管设置了 Access-Control-Allow-Origin 标头,为什么 CORS 在我的 PHP 应用程序中不起作用?的详细内容。更多信息请关注PHP中文网其他相关文章!
