Home >Backend Development >PHP Tutorial >An introduction to the method of controlling cross-domain domain names and allowing cross-domain image uploads in the PHP backend
This article brings you an introduction to the method of controlling cross-domain domain names and allowing cross-domain uploading of images on the PHP backend. It has certain reference value. Friends in need can refer to it. I hope it will be useful to you. Helps.
Cross-domain issues often need to be faced, and the front-end needs to be done more directly
Either choose ajax asynchronous submission, XML or jsonp, or form submission
jsonp can basically handle the big problem Some cross-domain problems, but the problem is also relatively obvious. It can only be submitted through the get method
And jsonp submits the request by putting parameters into the URL
But all browsers have URL length restrictions , different browsers have different length restrictions.
When you need to submit a large paragraph of content, such as an article, if you use jsonp, if the length exceeds the length, you can only divide and submit it.
It is very troublesome, and in the end it is not correct Security is somewhat affected
And axiox does not support jsonp now. Although there are ways to solve it
Especially for uploading image resources, it cannot be well implemented using methods such as jsonp
Scenarios that require cross-domain image uploading
Of course, it is best not to cross-domain, but most projects currently have the front-end and back-end separated
Static resources and interfaces are different domain names or second-level domain names respectively, which involves cross-domain
If it is a resource upload, the backend Access-Control-Allow-Origin and the current request are required for cross-domain Same as Origin, it cannot be set to *
php solution
If it is a traditional data request, then the backend directly sets Access-Control-Allow-Origin to * Okay
header('Access-Control-Allow-Origin:*');
But the Origin of uploading resources such as pictures needs to be the same as the value of Access-Control-Allow-Origin
If the Access-Control-Allow-Origin is set to be the same as the current Origin, then There is only one domain name that can be uploaded.
If other domain names need to call this interface, they will be banned.
So the best way is to limit the list of domain names that can call this interface, that is Improved security to a certain extent
The method is to first obtain the Origin of the current request, and if it is in the list of domain names that are allowed to be accessed
set the value of Access-Control-Allow-Origin to the current request Origin
$originList = [ 'http://127.0.0.1', 'http://www.php.cn', 'http://www.php.cn', ]; if(in_array($_SERVER['HTTP_ORIGIN'], $originList)){ header('Access-Control-Allow-Origin:'.$origin); header("Access-Control-Allow-Credentials: true"); header('Access-Control-Allow-Headers:x-requested-with,content-type'); header("Access-Control-Allow-Methods: POST,GET,OPTIONS"); }
In this way, you can control domain names that can be cross-domain, and image resources can be uploaded as happily as in the same domain
The post method is also applicable to cross-domain submission
The above is the detailed content of An introduction to the method of controlling cross-domain domain names and allowing cross-domain image uploads in the PHP backend. For more information, please follow other related articles on the PHP Chinese website!