Home >Backend Development >PHP Tutorial >php apache uses cors to achieve cross-domain

php apache uses cors to achieve cross-domain

巴扎黑
巴扎黑Original
2016-11-08 11:56:312330browse

apaceh configuration:

<VirtualHost *:80>
    ServerAdmin xxx@qq.com
    DocumentRoot "C:/htdocs/demo"
    ServerName dev.dd.cn
    ##ErrorLog "logs/dummy-host.localhost-error.log"
    ##CustomLog "logs/dummy-host.localhost-access.log" combined
    <Directory "C:/htdocs/demo">
        #Require all denied
        Header set Access-Control-Allow-Origin *
    </Directory>
</VirtualHost>

PHP file settings:

<?php
     header("Access-Control-Allow-Origin:*"); 
     //处理请求输出数据
?>

The meaning of the configuration is to allow requests initiated by any domain to obtain the data of the current server. Of course, this is very dangerous, and malicious sites may attack our servers through XSS. Therefore, we should try our best to limit security sources in a targeted manner. For example, the following settings allow only the domain http://feng.com to access the server's API across domains.

httpd.conf:

<VirtualHost *:80>
    ServerAdmin xxx@qq.com
    DocumentRoot "C:/htdocs/demo"
    ServerName dev.dd.cn
    ##ErrorLog "logs/dummy-host.localhost-error.log"
    ##CustomLog "logs/dummy-host.localhost-access.log" combined
    <Directory "C:/htdocs/demo">
        #Require all denied
        Header set Access-Control-Allow-Origin http://feng.com
    </Directory>
</VirtualHost>

PHP file:

header("Access-Control-Allow-Origin:http://feng.com");


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn