php跨域请求
跨域api服务器设置
header('content-type:application:json;charset=utf8');
header('Access-Control-Allow-Origin:*');
header('Access-Control-Allow-Methods:POST');
header('Access-Control-Allow-Headers:x-requested-with,content-type');
header("Access-Control-Allow-Credentials: true"); //客户端带上cookie
限制特定域名访问
$allow_hosts = [
'http://www.test.dev',
];
$origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
if (in_array($origin, $allow_hosts)) {
header('Access-Control-Allow-Origin:'.$origin);
}
ajax跨域访问携带cookie
$.ajax({
type: "post",
url: "http://passport.test.dev/user.php?type=5&method=ajax",
data: {page_url: location.href},
xhrFields: {
withCredentials: true
}
});
跨域的cookie共享
ini_set('session.cookie_domain', '.test.dev');