Access-Control-Allow-Origin syntax

前端 未结 1 1064
盖世英雄少女心
盖世英雄少女心 2021-02-20 18:16

I want allow Cross-origin resource sharing from all the sub-domain of from.example.com. So I added Cross-origin resource sharing header as given below to a page in

1条回答
  •  长发绾君心
    2021-02-20 19:03

    Wildcards are not allowed in the Access-Control-Allow-Origin header. It has to be an exact match. You can either allow all domains by setting the value to *, or conditionally echo the value of the Origin request header if it matches one of your allowed domains.

    Note that the Origin spec allows for multiple origins separated by a space. However I am not sure if this works with the Access-Control-Allow-Origin header. It may be worth a try.

    0 讨论(0)
提交回复
热议问题