Ajax settings Access-control-allow-origin for cross-domain access

Ajax cross-domain access is an old problem, a lot of solutions, more commonly used is the JSONP method, the JSONP method is an unofficial method , and this method only supports get mode, not as secure as post.

Even if you use the Jsonp method of jquery, type is set to post and is automatically changed to get.

Official Question Description:

"Script": evaluates the response as JavaScript and returns it as plain text. Disables caching by appending a query string parameter, "_=[timestamp]", to the URL unless the cache option is set to True . Note:this would turn POSTs into GETs a for remote-domain requests.

If you use post for cross-domain, you can use the Create a hidden iframe, like the Ajax upload image principle, but it will be more cumbersome.

Therefore, it is relatively easy to set up Access-control-allow-origin for cross-domain access.

For example: The domain name of the client is www.client.com, and the requested domain name is www.server.com

If you use AJAX access directly, you will get the following error

XMLHttpRequest cannot load http://www.server.com/server.php. No ' Access-control-allow-origin ' header is present on the requested resource. Origin ' http://www.client.com ' is therefore not allowed access.

Join in the requested response header

Specify allow other domain names to be accessed

Header (' Access-control-allow-origin:*');

Response type

Header (' Access-control-allow-methods:POST');

Response Header Settings

Header (' Access-control-allow-headers:x-requested-with,content-type');

You can implement Ajax post cross-domain access.

The code is as follows:

client.html Path: http://www.client.com/client.html

server.php Path: http://www.server.com/server.php

 
  Isset ($_post[' name ')? $_post[' name ']: ',    ' gender ' = ' isset ($_post[' gender '])? $_post[' Gender ']: '); header (' Content-type: Application:json;charset=utf8 '); header (' access-control-allow-origin:* '); header (' Access-control-allow-methods: POST '), header (' Access-control-allow-headers:x-requested-with,content-type '); Echo Json_encode ($ret);? >

access-control-allow-origin:* that allows any domain name to be accessed across domains

If you need to specify a domain name to allow cross-domain access, simply change the access-control-allow-origin:* to Access-control-allow-origin: allowed domain name

For example: Header (' Access-control-allow-origin:http://www.client.com');

If you need to set multiple domain names to allow access, you need to use PHP to deal with

For example, allow www.client.com and www.client2.com to be accessed across domains

server.php revision changed to

 
  Isset ($_post[' name ')? $_post[' name ']: ',    ' gender ' = ' isset ($_post[' gender '])? $_post[' Gender ']: '); header (' Content-type: Application:json;charset=utf8 '); $origin = Isset ($_server[' Http_origin ')? $_server[' http_origin ': '; $allow _origin = Array (    ' http://www.client.com ',    ' http://www.client2.com '); if ( In_array ($origin, $allow _origin)) {    header (' Access-control-allow-origin: '. $origin);    Header (' Access-control-allow-methods:post ');    Header (' Access-control-allow-headers:x-requested-with,content-type ');} echo Json_encode ($ret);? >

SOURCE Download Address: Click to view

The above describes the Ajax settings access-control-allow-origin to achieve cross-domain access, including aspects of the content, I hope that the PHP tutorial interested in a friend helpful.

