Specify Multiple Subdomains with Access Control Origin

后端 未结 7 859
爱一瞬间的悲伤
爱一瞬间的悲伤 2021-02-13 17:57

I am trying to allow access to every subdomain on my site in order to allow cross subdomain AJAX calls. Is there a way to specify all subdomains of a site like *.example.c

7条回答
  •  花落未央
    2021-02-13 18:29

    //Function to be called first in php file.
    function CORS_HEADERS_HANDLER(){
      if (isset($_SERVER['HTTP_ORIGIN'])){
        switch($_SERVER['HTTP_ORIGIN']){
            //Handle an IP address and Port
          case 'http://1.2.3.4:4200':
            header('Access-Control-Allow-Origin: http://1.2.3.4:4200');
            break;
            //Handle an Website Domain (using https)
          case 'https://www.someSite.com':
            header('Access-Control-Allow-Origin: https://www.someSite.com');
            break;
            //Handle an Website Domain (using http)
          case 'http://www.someSite.com':
            header('Access-Control-Allow-Origin: http://www.someSite.com');
            break;
            //Catch if someone's site is actually the reject being cheeky
          case 'https://not.you':
            header('Access-Control-Allow-Origin: https://nice.try');
            break;
            //Handle a rejection passing something that is not the request origin.
          default:
            header('Access-Control-Allow-Origin: https://not.you');
            break;
        }
      }else{
        header('Access-Control-Allow-Origin: https://not.you');
      }
      header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
      header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
      header('Access-Control-Allow-Credentials: true');
      header('Content-Type: application/json; charset=utf-8');
      header("Cache-Control: public,max-age=3600");
      //if its an options request you don't need to proceed past CORS request.
      if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
        die();
      }
    }
    

提交回复
热议问题