Home >Backend Development >PHP Tutorial >php apache uses cors to achieve cross-domain
apaceh configuration:
<VirtualHost *:80> ServerAdmin xxx@qq.com DocumentRoot "C:/htdocs/demo" ServerName dev.dd.cn ##ErrorLog "logs/dummy-host.localhost-error.log" ##CustomLog "logs/dummy-host.localhost-access.log" combined <Directory "C:/htdocs/demo"> #Require all denied Header set Access-Control-Allow-Origin * </Directory> </VirtualHost>
PHP file settings:
<?php header("Access-Control-Allow-Origin:*"); //处理请求输出数据 ?>
The meaning of the configuration is to allow requests initiated by any domain to obtain the data of the current server. Of course, this is very dangerous, and malicious sites may attack our servers through XSS. Therefore, we should try our best to limit security sources in a targeted manner. For example, the following settings allow only the domain http://feng.com to access the server's API across domains.
httpd.conf:
<VirtualHost *:80> ServerAdmin xxx@qq.com DocumentRoot "C:/htdocs/demo" ServerName dev.dd.cn ##ErrorLog "logs/dummy-host.localhost-error.log" ##CustomLog "logs/dummy-host.localhost-access.log" combined <Directory "C:/htdocs/demo"> #Require all denied Header set Access-Control-Allow-Origin http://feng.com </Directory> </VirtualHost>
PHP file:
header("Access-Control-Allow-Origin:http://feng.com");