在安全地允许CORS方面,我取得了很多成功,但是我尝试了另一页,但它不起作用。我希望有人能告诉我我所缺少的。我知道*是不安全的,但我正在尝试这样做只是为了消除站点名称作为变量。
.htaccess文件
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
以及我的php文件的顶部:
// Allow from any origin just for testing...
if (isset($_SERVER['HTTP_ORIGIN'])) {
// in production, no *, but using my real domain
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400');
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
}
使用ajax请求访问php文件时,我收到: CORS策略已阻止从来源“ https://sitename.000webhostapp.com/”访问“ https://samesitename.com”处的XMLHttpRequest:请求的资源上没有“ Access-Control-Allow-Origin”标头。
它可以在邮递员中使用。这是标题信息:
Date →Mon, 29 Apr 2019 18:50:03 GMT
Content-Type →text/html; charset=UTF-8
Transfer-Encoding →chunked
Connection →keep-alive
Access-Control-Allow-Origin →*
Access-Control-Allow-Headers →origin, x-requested-with, content-type
Access-Control-Allow-Methods →PUT, GET, POST, DELETE, OPTIONS
Server →awex
X-Xss-Protection →1; mode=block
X-Content-Type-Options →nosniff
X-Request-ID →18341eb6e5c7e5f483d8dd3a3a492b9c
Content-Encoding →gzip
更大的故事是,我将主要站点托管在不支持PHP的firebase上,因此我将php文件放在000webhostapp.com上作为解决方法。
答案 0 :(得分:0)
万一有人遇到类似问题,我的解决办法是仔细检查网址!!!
我张贴了我正在检查
https://sitename.000webhostapp.com/
我应该参考的时间
https://sitename.000webhostapp.com/php/mail.php
感谢@Phil和@emix迫使我检查详细信息。