Configuring Apache to Support CORS (Cross-Origin Resource Sharing): An Example

Source: Internet
Author: User

When making cross-domain requests with Ajax, the browser reports: XMLHttpRequest error: Origin null is not allowed by Access-Control-Allow-Origin. This is a cross-domain problem. Switching to JSONP or a proxy would require too much rework, so CORS, a relatively simple and efficient technique, is used instead. CORS is more efficient than the JSONP approach: JSONP can only implement GET requests, whereas CORS supports all types of HTTP requests. With CORS, ordinary Ajax can be used for cross-domain requests, which is a great convenience for front-end development. Most browsers now support it: because cross-domain access has become a common requirement, browsers have gradually opened a dedicated 'back door' for it.

Browser support

In my tests, Internet Explorer 10 and above can send the request normally.

Server-side support for CORS is implemented by setting the Access-Control-Allow-Origin response header. If the browser detects the appropriate setting, it allows the Ajax request to access the resource across domains; this is the corresponding 'back door'.

Apache setup: Apache needs the mod_headers module to set HTTP headers, and this module is enabled by default. You only need to modify the httpd.conf file in the Apache configuration:

Original code:

<Directory />
    AllowOverride None
    Require all denied
</Directory>

Change it to the following:

<Directory />
    Require all denied
    Header set Access-Control-Allow-Origin *
</Directory>

Alternatively, set the header in the PHP file that handles the request:

<?php
header("Access-Control-Allow-Origin: *");
// Process the request and output the data

?>


This configuration allows requests initiated from any domain to obtain data from the current server. Of course, this is very dangerous: malicious sites may attack our server via XSS. We should therefore restrict the allowed sources as narrowly as possible. For example, with the following settings only the domain http://jb51.net/ can access the server's APIs across domains.

In httpd.conf:

Header set Access-Control-Allow-Origin http://www.jb51.net

In the PHP file:

<?php
header("Access-Control-Allow-Origin: http://www.jb51.net");
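
Access-Control-Allow-Origin carries a single origin (or *), so to permit more than one front-end origin the server has to compare the request's Origin header against an allow-list and echo back the one that matches. The following is an added example, not code from the original article; the function name cors_headers_for, the ALLOWED_ORIGINS list and the preflight values are assumptions.

```php
<?php
// Added example: allow-list check for the Origin header (names are assumptions).
const ALLOWED_ORIGINS = [
    'http://www.jb51.net',
    'http://jb51.net',
];

// Returns the CORS header lines to send for one request.
// $origin is the request's Origin header, or null when the header is absent.
function cors_headers_for(?string $origin, string $method): array
{
    // The answer depends on Origin, so caches must store one copy per origin.
    $headers = ['Vary: Origin'];

    // Exact string comparison only. Substring or loose pattern checks would also
    // accept look-alike hosts, and the literal origin "null" (sent by file://
    // pages and sandboxed frames) is refused because it is not in the list.
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
        return $headers; // no Access-Control-Allow-Origin: the browser blocks the read
    }
    $headers[] = 'Access-Control-Allow-Origin: ' . $origin;

    if ($method === 'OPTIONS') {
        // Preflight for non-simple requests; methods and headers here are assumed.
        $headers[] = 'Access-Control-Allow-Methods: GET, POST';
        $headers[] = 'Access-Control-Allow-Headers: Content-Type';
        $headers[] = 'Access-Control-Max-Age: 600';
    }
    return $headers;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample origins, for a stand-alone run from the command line.
    foreach (['http://www.jb51.net', 'http://www.jb51.net.example', 'null', null] as $o) {
        echo var_export($o, true), ' => ', implode(' | ', cors_headers_for($o, 'GET')), "\n";
    }
} else {
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
    foreach (cors_headers_for($_SERVER['HTTP_ORIGIN'] ?? null, $method) as $line) {
        header($line);
    }
    if ($method === 'OPTIONS') {
        http_response_code(204); // a preflight needs headers only, no body
        exit;
    }
    // Process the request and output the data
}
```

For simple requests the browser still sends the request when the origin is not listed; omitting the header only stops the calling page's script from reading the response, so state-changing endpoints need their own authorization checks.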

Front-end code:

<script type="text/javascript">
function createCORSRequest(method, url) {
    var xhr = new XMLHttpRequest();
    if ("withCredentials" in xhr) {
        // This is the case that supports CORS.
        // Check whether the XMLHttpRequest object has a "withCredentials" property;
        // "withCredentials" exists only in XMLHttpRequest Level 2 objects.
        xhr.open(method, url, true);
    } else if (typeof XDomainRequest !== "undefined") {
        // Otherwise check whether XDomainRequest is supported.
        // XDomainRequest exists only in IE and is the way IE supports CORS requests.
        xhr = new XDomainRequest();
        xhr.open(method, url);
    } else {
        // Neither mechanism is available, so CORS is not supported.
        return;
    }
    // Register the handler before sending the request.
    xhr.onload = function () {
        alert(xhr.responseText);
    };
    xhr.send();
}
createCORSRequest('GET', "http://192.168.1.58/t.php");
</script>
