An introduction to the method of controlling cross-domain domain names and allowing cross-domain image uploads in the PHP backend

This article brings you an introduction to the method of controlling cross-domain domain names and allowing cross-domain uploading of images on the PHP backend. It has certain reference value. Friends in need can refer to it. I hope it will be useful to you. Helps.

Cross-domain issues often need to be faced, and the front-end needs to be done more directly

Either choose ajax asynchronous submission, XML or jsonp, or form submission

jsonp can basically handle the big problem Some cross-domain problems, but the problem is also relatively obvious. It can only be submitted through the get method

And jsonp submits the request by putting parameters into the URL

But all browsers have URL length restrictions , different browsers have different length restrictions.

When you need to submit a large paragraph of content, such as an article, if you use jsonp, if the length exceeds the length, you can only divide and submit it.

It is very troublesome, and in the end it is not correct Security is somewhat affected

And axiox does not support jsonp now. Although there are ways to solve it

Especially for uploading image resources, it cannot be well implemented using methods such as jsonp

Scenarios that require cross-domain image uploading

Of course, it is best not to cross-domain, but most projects currently have the front-end and back-end separated

Static resources and interfaces are different domain names or second-level domain names respectively, which involves cross-domain

If it is a resource upload, the backend Access-Control-Allow-Origin and the current request are required for cross-domain Same as Origin, it cannot be set to *

php solution

If it is a traditional data request, then the backend directly sets Access-Control-Allow-Origin to * Okay

 header('Access-Control-Allow-Origin:*');

But the Origin of uploading resources such as pictures needs to be the same as the value of Access-Control-Allow-Origin

If the Access-Control-Allow-Origin is set to be the same as the current Origin, then There is only one domain name that can be uploaded.

If other domain names need to call this interface, they will be banned.

So the best way is to limit the list of domain names that can call this interface, that is Improved security to a certain extent

The method is to first obtain the Origin of the current request, and if it is in the list of domain names that are allowed to be accessed

set the value of Access-Control-Allow-Origin to the current request Origin

$originList = [
    'http://127.0.0.1',
    'http://www.php.cn',
    'http://www.php.cn',
];
if(in_array($_SERVER['HTTP_ORIGIN'], $originList)){
    header('Access-Control-Allow-Origin:'.$origin);
    header("Access-Control-Allow-Credentials: true");
    header('Access-Control-Allow-Headers:x-requested-with,content-type');
    header("Access-Control-Allow-Methods: POST,GET，OPTIONS");
}

In this way, you can control domain names that can be cross-domain, and image resources can be uploaded as happily as in the same domain

The post method is also applicable to cross-domain submission

The above is the detailed content of An introduction to the method of controlling cross-domain domain names and allowing cross-domain image uploads in the PHP backend. For more information, please follow other related articles on the PHP Chinese website!