利用CORS实现POST方式跨域请求数据
发布:smiling 来源: PHP粉丝网 添加日期:2018-10-26 11:03:54 浏览: 评论:0
CORS全名Cross-Origin Resource Sharing,顾名思义:跨域分享资源,这是W3C制定的跨站资源分享标准。
目前包括IE10+、chrome、safari、FF都提供了XMLHttpRequest对象对该标准的支持,在更老的IE8中则提供了xDomainRequest对象,部分实现了该标准;
下面是创建request对象的代码:
- var url = "http://www.phpfensi.com/1.php";
- if (XMLHttpRequest) {
- var req = new XMLHttpRequest();
- // 利用withCredentials属性来判断是否支持跨域请求
- if (!("withCredentials" in req)) { // w3c先行
- if (window.XDomainRequest) {
- req = new XDomainRequest();
- }
- }
- req.open('POST', url, true);
- req.onload = function (data) {
- alert(this.responseText);
- };
- req.send();
- }
注意xDomainRequest对象只支持http和https协议
在利用XMLHttpRequest对象发POST请求前会发一个options嗅探来确定是否有跨域请求的权限;同时在header头上带上Origin信息来指示来源网站信息,服务器响应时需要带上Access-Control-Allow-Origin头的值是否和Origin信息相匹配。
header("Access-Control-Allow-Origin: http://localhost"); // *为全部域名
CORS的缺点是你必须能控制服务器端的权限,允许你跨域访问
设置CORS实现跨域请求
一、使用php代码实现
- #
- # CORS config for php
- # Code by anrip[mail@anrip.com]
- #
- function make_cors($origin = '*') {
- $request_method = $_SERVER['REQUEST_METHOD'];
- if ($request_method === 'OPTIONS') {
- header('Access-Control-Allow-Origin:'.$origin);
- header('Access-Control-Allow-Credentials:true');
- header('Access-Control-Allow-Methods:GET, POST, OPTIONS');
- header('Access-Control-Max-Age:1728000');
- header('Content-Type:text/plain charset=UTF-8');
- header('Content-Length: 0',true);
- header('status: 204');
- header('HTTP/1.0 204 No Content');
- }
- if ($request_method === 'POST') {
- header('Access-Control-Allow-Origin:'.$origin);
- header('Access-Control-Allow-Credentials:true');
- header('Access-Control-Allow-Methods:GET, POST, OPTIONS');
- }
- if ($request_method === 'GET') {
- header('Access-Control-Allow-Origin:'.$origin);
- header('Access-Control-Allow-Credentials:true');
- header('Access-Control-Allow-Methods:GET, POST, OPTIONS');
- }
- }
二、使用nginx配置实现
- # CORS config for nginx
- # Code by anrip[mail@anrip.com]
- #
- location / {
- set $origin '*';
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' $origin;
- #
- # Om nom nom cookies
- #
- add_header 'Access-Control-Allow-Credentials' 'true';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- #
- # Custom headers and headers various browsers *should* be OK with but aren't
- #
- add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
- #
- # Tell client that this pre-flight info is valid for 20 days
- #
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain charset=UTF-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- if ($request_method = 'POST') {
- add_header 'Access-Control-Allow-Origin' $origin;
- add_header 'Access-Control-Allow-Credentials' 'true';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
- }
- if ($request_method = 'GET') {
- add_header 'Access-Control-Allow-Origin' $origin;
- add_header 'Access-Control-Allow-Credentials' 'true';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
- }
- }
Tags: CORS POST
- 上一篇:PHP多态性入门学习笔记与例子
- 下一篇:php构造函数与析构函数
推荐文章
热门文章
最新评论文章
- 写给考虑创业的年轻程序员(10)
- PHP新手上路(一)(7)
- 惹恼程序员的十件事(5)
- PHP邮件发送例子,已测试成功(5)
- 致初学者:PHP比ASP优秀的七个理由(4)
- PHP会被淘汰吗?(4)
- PHP新手上路(四)(4)
- 如何去学习PHP?(2)
- 简单入门级php分页代码(2)
- php中邮箱email 电话等格式的验证(2)