Ajax settings Access-control-allow-origin for cross-domain access

Source: Internet
Author: User
Ajax cross-domain access is an old problem, a lot of solutions, more commonly used is the JSONP method, the JSONP method is an unofficial method , and this method only supports get mode, not as secure as post.

Even if you use the Jsonp method of jquery, type is set to post and is automatically changed to get.

Official Question Description:

"Script": evaluates the response as JavaScript and returns it as plain text. Disables caching by appending a query string parameter, "_=[timestamp]", to the URL unless the cache option is set to True . Note:this would turn POSTs into GETs a for remote-domain requests.

If you use post for cross-domain, you can use the Create a hidden iframe, like the Ajax upload image principle, but it will be more cumbersome.

Therefore, it is relatively easy to set up Access-control-allow-origin for cross-domain access.

For example: The domain name of the client is www.client.com, and the requested domain name is www.server.com

If you use AJAX access directly, you will get the following error

XMLHttpRequest cannot load http://www.server.com/server.php. No ' Access-control-allow-origin ' header is present on the requested resource. Origin ' http://www.client.com ' is therefore not allowed access.

Join in the requested response header

Specify allow other domain names to be accessed

Header (' Access-control-allow-origin:*');

Response type

Header (' Access-control-allow-methods:POST');

Response Header Settings

Header (' Access-control-allow-headers:x-requested-with,content-type');

You can implement Ajax post cross-domain access.

The code is as follows:

client.html Path: http://www.client.com/client.html

   
 
                 

server.php Path: http://www.server.com/server.php
 
  Isset ($_post[' name ')? $_post[' name ']: ',    ' gender ' = ' isset ($_post[' gender '])? $_post[' Gender ']: '); header (' Content-type: Application:json;charset=utf8 '); header (' access-control-allow-origin:* '); header (' Access-control-allow-methods: POST '), header (' Access-control-allow-headers:x-requested-with,content-type '); Echo Json_encode ($ret);? >

access-control-allow-origin:* that allows any domain name to be accessed across domains

If you need to specify a domain name to allow cross-domain access, simply change the access-control-allow-origin:* to Access-control-allow-origin: allowed domain name

For example: Header (' Access-control-allow-origin:http://www.client.com');

If you need to set multiple domain names to allow access, you need to use PHP to deal with

For example, allow www.client.com and www.client2.com to be accessed across domains

server.php revision changed to

 
  Isset ($_post[' name ')? $_post[' name ']: ',    ' gender ' = ' isset ($_post[' gender '])? $_post[' Gender ']: '); header (' Content-type: Application:json;charset=utf8 '); $origin = Isset ($_server[' Http_origin ')? $_server[' http_origin ': '; $allow _origin = Array (    ' http://www.client.com ',    ' http://www.client2.com '); if ( In_array ($origin, $allow _origin)) {    header (' Access-control-allow-origin: '. $origin);    Header (' Access-control-allow-methods:post ');    Header (' Access-control-allow-headers:x-requested-with,content-type ');} echo Json_encode ($ret);? >

SOURCE Download Address: Click to view

The above describes the Ajax settings access-control-allow-origin to achieve cross-domain access, including aspects of the content, I hope that the PHP tutorial interested in a friend helpful.

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.