Cross-Origin Request Headers(CORS) with PHP headers

后端 未结 11 1363
情书的邮戳
情书的邮戳 2020-11-21 11:13

I have a simple PHP script that I am attempting a cross-domain CORS request:



        
相关标签:
11条回答
  • 2020-11-21 11:37

    Access-Control-Allow-Headers does not allow * as accepted value, see the Mozilla Documentation here.

    Instead of the asterisk, you should send the accepted headers (first X-Requested-With as the error says).

    0 讨论(0)
  • 2020-11-21 11:37

    add this code in .htaccess

    add custom authentication key's in header like app_key,auth_key..etc

    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Headers: "customKey1,customKey2, headers, Origin, X-Requested-With, Content-Type, Accept, Authorization"
    
    0 讨论(0)
  • 2020-11-21 11:38

    I got the same error, and fixed it with the following PHP in my back-end script:

    header('Access-Control-Allow-Origin: *');
    
    header('Access-Control-Allow-Methods: GET, POST');
    
    header("Access-Control-Allow-Headers: X-Requested-With");
    
    0 讨论(0)
  • 2020-11-21 11:39

    If you want to create a CORS service from PHP, you can use this code as the first step in your file that handles the requests:

    // Allow from any origin
    if(isset($_SERVER["HTTP_ORIGIN"]))
    {
        // You can decide if the origin in $_SERVER['HTTP_ORIGIN'] is something you want to allow, or as we do here, just allow all
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    }
    else
    {
        //No HTTP_ORIGIN set, so we allow any. You can disallow if needed here
        header("Access-Control-Allow-Origin: *");
    }
    
    header("Access-Control-Allow-Credentials: true");
    header("Access-Control-Max-Age: 600");    // cache for 10 minutes
    
    if($_SERVER["REQUEST_METHOD"] == "OPTIONS")
    {
        if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_METHOD"]))
            header("Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT"); //Make sure you remove those you do not want to support
    
        if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"]))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    
        //Just exit with 200 OK with the above headers for OPTIONS method
        exit(0);
    }
    //From here, handle the request as it is ok
    
    0 讨论(0)
  • 2020-11-21 11:40

    CORS can become a headache, if we do not correctly understand its functioning. I use them in PHP and they work without problems. reference here

    header("Access-Control-Allow-Origin: *");
    header("Access-Control-Allow-Credentials: true");
    header("Access-Control-Max-Age: 1000");
    header("Access-Control-Allow-Headers: X-Requested-With, Content-Type, Origin, Cache-Control, Pragma, Authorization, Accept, Accept-Encoding");
    header("Access-Control-Allow-Methods: PUT, POST, GET, OPTIONS, DELETE");
    
    0 讨论(0)
  • 2020-11-21 11:46

    I've simply managed to get dropzone and other plugin to work with this fix (angularjs + php backend)

     header('Access-Control-Allow-Origin: *'); 
        header("Access-Control-Allow-Credentials: true");
        header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
        header('Access-Control-Max-Age: 1000');
        header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token , Authorization');
    

    add this in your upload.php or where you would send your request (for example if you have upload.html and you need to attach the files to upload.php, then copy and paste these 4 lines). Also if you're using CORS plugins/addons in chrome/mozilla be sure to toggle them more than one time,in order for CORS to be enabled

    0 讨论(0)
提交回复
热议问题