访问控制允许带和不带 www 的 Origin
Access Control Allow Origin with and without www
我用以下 header 构建了一个 php API:
header("Access-Control-Allow-Origin: https://my-domain.de");
有了它,我只能从 https://my-domain.de 而不能从 https://www.my-domain.de
访问 api
我得到:
Origin https://www.my-domain.de is not allowed by Access-Control-Allow-Origin.
[Error] XMLHttpRequest cannot load https://my-domain.de/checkin/api/generateUser.php due to access control checks.
我怎样才能使它同时适用于:www 和不带 www?
您可以再添加一行:
header("Access-Control-Allow-Origin: https://my-domain.de");
header("Access-Control-Allow-Origin: https://www.my-domain.de");
PHP不支持通配符headers,你要么支持所有域:
header("Access-Control-Allow-Origin: *");
或具体如上
我用以下 header 构建了一个 php API:
header("Access-Control-Allow-Origin: https://my-domain.de");
有了它,我只能从 https://my-domain.de 而不能从 https://www.my-domain.de
我得到:
Origin https://www.my-domain.de is not allowed by Access-Control-Allow-Origin.
[Error] XMLHttpRequest cannot load https://my-domain.de/checkin/api/generateUser.php due to access control checks.
我怎样才能使它同时适用于:www 和不带 www?
您可以再添加一行:
header("Access-Control-Allow-Origin: https://my-domain.de");
header("Access-Control-Allow-Origin: https://www.my-domain.de");
PHP不支持通配符headers,你要么支持所有域:
header("Access-Control-Allow-Origin: *");
或具体如上