Apache + PHP Yii框架跨域访问API
其实不用在Yii框架中设置任何东西,直接用Ajax调用不同域名的API即可
但是Apache中要这么设置:
首先编辑httpd.conf 去掉这一句的注释:LoadModule headers_module modules/mod_headers.so
然后在httpd-vhosts.config文件种添加头信息
Header set Access-Control-Allow-Origin * --意思是允许所有域名都可以访问
Header set Access-Control-Allow-Headers "access_token" --如果有自定义的请求头,例如:access_token 则添加这一行
如果有自定义的请求头,不添加的话,则会报错:Request header field access_token is not allowed by Access-Control-Allow-Headers
如果用jsonp或者proxy的方式进行修改的话未免需要太大的工程量,所以采用CORS这种比较简单高效的技术。相比JOSP的方式,CORS更为高效。JSONP由于它的原理只能实现GET请求,而CORS支持所有类型的HTTP请求。使用CORS,可以使用普通的ajax实现跨域。
Header set Access-Control-Allow-Origin * 配置的含义是允许任何域发起的请求都可以获取当前服务器的数据。当然,这样有很大的危险性,恶意站点可能通过XSS攻击我们的服务器。所以我们应该尽量有针对性的对限制安全的来源,例如下面的设置使得只有http://123.com/这个域才能跨域访问服务器的API。Header set Access-Control-Allow-Origin http://123.com/
这是我的httpd-vhosts.config文件,设置了三个虚拟目录,具体参考:https://blog.csdn.net/baidu_41327283/article/details/82668757
# Virtual Hosts
#
<VirtualHost *:80>
ServerName mysite1.com
ServerAlias mysite1.com
DocumentRoot "${INSTALL_DIR}/www/ourchildren/jzymaosida-childrenfront-master/childrenfront/web"
<Directory "${INSTALL_DIR}/www/ourchildren/jzymaosida-childrenfront-master/childrenfront/web/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Headers "access_token"
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName mysite2.com
ServerAlias mysite2.com
DocumentRoot "${INSTALL_DIR}/www/ourchildren/jzymaosida-our-children-web-develop/our-children-web/web"
<Directory "${INSTALL_DIR}/www/ourchildren/jzymaosida-our-children-web-develop/our-children-web/web/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Headers "access_token"
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName mysite3.com
ServerAlias mysite3.com
DocumentRoot "${INSTALL_DIR}/www/ourchildren/jzymaosida-our-children-back-end-children-v1/our-children-back-end/backend/web"
<Directory "${INSTALL_DIR}/www/ourchildren/jzymaosida-our-children-back-end-children-v1/our-children-back-end/backend/web/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
Header set Access-Control-Allow-Origin *
Header set Access-Control-Allow-Headers "access_token"
</Directory>
</VirtualHost>