php、java设置多个Access-Control-Allow-Origin的方法

php、java设置多个Access-Control-Allow-Origin的方法

php、java设置多个Access-Control-Allow-Origin的方法

Access-Control-Allow-Origin只能设置一个值,要么是*,要么是单个域名,关键是还不支持泛域名*.bfw,wiki这种形式,怎么办,今天教大家一招,动态判断来路域名,然后再动态设置Access-Control-Allow-Origin

先看PHP怎么实现

<?php
$origin = isset($_SERVER['HTTP_ORIGIN'])? $_SERVER['HTTP_ORIGIN'] : '';
$allow_origin = array(
    'http://www.bfw.wiki',
    'http://img.bfw.wiki',
);


if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    if (in_array($origin, $allow_origin)) {
        header("Access-Control-Allow-Origin:".$origin);
        header("Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept, Authorization");
        header('Access-Control-Allow-Methods: GET, POST,OPTIONS,PATCH');
    }
    exit();
}
?>

再看java怎么实现

public static final String[] ALLOW_DOMAIN = {
    "http://www.bfw.wiki",
    "http://img.bfw.wiki"
};
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
String originHeader = req.getHeader("Origin");
if (Arrays.asList(Constants.ALLOW_DOMAIN).contains(originHeader)) {
    res.setHeader("Access-Control-Allow-Origin", originHeader);
    res.setHeader("Allow", "*");
    res.setHeader("Access-Control-Allow-Methods",
        "POST, GET, PUT, DELETE, OPTIONS");
    res.setHeader(
        "Access-Control-Allow-Headers",
        "Origin, X-Requested-With, Content-Type, Accept, Referer, User-Agent, Authorization, X-Auth-Token");
    res.setHeader("Access-Control-Max-Age", "3600");
    // 接收跨域的COOKIE
    res.setHeader("Access-Control-Allow-Credentials", "true");
    if ("IE".equals(req.getParameter("type"))) {
        ((HttpServletResponse) response).setHeader(
            "XDomainRequestAllowed", "1");
    }
    if (req.getMethod().toLowerCase().equals("options")) {
        res.setHeader("Content-type", "text/html");
        res.getWriter().write("options OK");
        return;
    }
}


{{collectdata}}

网友评论0