服务器端跨域访问(CROS)解决方案
- 高洛峰原创
- 2016-12-14 13:07:402549浏览
通过设置Http Header方式允许跨域名请求
<?php
header("Access-Control-Allow-Origin: http://www.requesting-page.com");
?>more details
browser(client) side code examples:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
server side code examples:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control
怎样配置Apache 服务器允许跨域名请求
How do we fix cross domain scripting issue ?
The simple solution is to allow the server to which request is being made to server request to any domain or to a list of domains. The important thing to remember is that the changes are to be made in the server which is serving the web service.
There are multiple ways to do it
1. You change settings in your apache’s httpd-vhosts.conf file ( I am using Apache 2.2 )
<VirtualHost *:80> ServerAdmin webmaster@dummy-host.com DocumentRoot “C:/apache-tomcat-6.0.29/webapps/myApplication” ServerName skill-guru.com ErrorLog “logs/skg1-error.log” CustomLog “logs/skg1-access.log” common Header set Access-Control-Allow-Origin “*” <Directory “C:/apache-tomcat-6.0.29/webapps/myApplication”> Options -Indexes FollowSymLinks AllowOverride AuthConfig FileInfo Order allow,deny Allow from all </Directory> JkUnmount /*.jsp ajp13 </VirtualHost>
Now after you set the value in apache server and look at the header and would see
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 00:23:53 GMT
Server: Apache/2.0.61
Access-Control-Allow-Origin: *
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/xml
怎样配置Tomcat 服务器允许跨域名请求
If you do not plan to use Apache and for some reasons using tomcat or any other similar web Container which supports filter, here is a ready made solution, Cors Filter
This gives you a servlet filter which is compatible with any Java Servlet 2.5+ web container.
Installation is very simple. Add the jar to your libraries
In you web.xml
add this line
<filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> </filter> <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>