php、java设置多个Access-Control-Allow-Origin的方法
Access-Control-Allow-Origin只能设置一个值,要么是*,要么是单个域名,关键是还不支持泛域名*.bfw,wiki这种形式,怎么办,今天教大家一招,动态判断来路域名,然后再动态设置Access-Control-Allow-Origin
先看PHP怎么实现
<?php $origin = isset($_SERVER['HTTP_ORIGIN'])? $_SERVER['HTTP_ORIGIN'] : ''; $allow_origin = array( 'http://www.bfw.wiki', 'http://img.bfw.wiki', ); if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { if (in_array($origin, $allow_origin)) { header("Access-Control-Allow-Origin:".$origin); header("Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept, Authorization"); header('Access-Control-Allow-Methods: GET, POST,OPTIONS,PATCH'); } exit(); } ?>再看java怎么实现
public static final String[] ALLOW_DOMAIN = { "http://www.bfw.wiki", "http://img.bfw.wiki" }; HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse res = (HttpServletResponse) response; String originHeader = req.getHeader("Origin"); if (Arrays.asList(Constants.ALLOW_DOMAIN).contains(originHeader)) { res.setHeader("Access-Control-Allow-Origin", originHeader); res.setHeader("Allow", "*"); res.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE, OPTIONS"); res.setHeader( "Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Referer, User-Agent, Authorization, X-Auth-Token"); res.setHeader("Access-Control-Max-Age", "3600"); // 接收跨域的COOKIE res.setHeader("Access-Control-Allow-Credentials", "true"); if ("IE".equals(req.getParameter("type"))) { ((HttpServletResponse) response).setHeader( "XDomainRequestAllowed", "1"); } if (req.getMethod().toLowerCase().equals("options")) { res.setHeader("Content-type", "text/html"); res.getWriter().write("options OK"); return; } }
网友评论0