服务器端跨域访问(CROS)解决方案

通过设置Http Header方式允许跨域名请求

<?php
    header("Access-Control-Allow-Origin: http://www.requesting-page.com");
?>

more details

browser(client) side code examples:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

server side code examples:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control

怎样配置Apache 服务器允许跨域名请求

How do we fix cross domain scripting issue ?

The simple solution is to allow the server to which request is being made to server request to any domain or to a list of domains. The important thing to remember is that the changes are to be made in the server which is serving the  web service.

There are multiple ways to do it

1.  You change settings in your apache’s  httpd-vhosts.conf file ( I am using Apache 2.2 )

<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.com
DocumentRoot “C:/apache-tomcat-6.0.29/webapps/myApplication”
ServerName skill-guru.com
ErrorLog “logs/skg1-error.log”
CustomLog “logs/skg1-access.log” common

Header set Access-Control-Allow-Origin “*”
<Directory “C:/apache-tomcat-6.0.29/webapps/myApplication”>
Options -Indexes FollowSymLinks
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>
JkUnmount /*.jsp ajp13
</VirtualHost>

Now after you set the value in apache server and look at the header and would see
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2008 00:23:53 GMT
Server: Apache/2.0.61
Access-Control-Allow-Origin: *
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/xml

怎样配置Tomcat 服务器允许跨域名请求

If you do not plan to use Apache and for some reasons using tomcat or any other similar web Container which supports filter, here is a ready made solution, Cors Filter

This gives you a servlet filter which is compatible with any Java Servlet 2.5+ web container.

Installation is very simple. Add the jar to your libraries

In you web.xml

add this line

<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>