How Apache solves cross-domain issues

Enterprise 2023-09-16 20:19:35 views: null

Option 1: Allow cross-domain directly in the domain name configuration

Disadvantages: Lack of security. Bus, anyone can access it. It is equivalent to completely giving up cross-domain control.
And login credentials cannot be sent, and sending cookies, etc. will still be blocked.

1. Modify the apache/conf/httpd.conf file

Find #LoadModule headers_module modules/mod_headers.so and remove the # annotation to enable the apache header information custom module

2. Find your virtual host file. Note that it is a cross-domain website. The specific content is this file.

It may be different, but <Directory> </Directory> remains unchanged

<VirtualHost *:80> 
    DocumentRoot "E:/www/"
    ServerName test..com
    ServerAlias *.test.com
    <Directory "E:/www/">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Add the following configuration before </Directory> in this configuration:

#Open to all domain names       

Header set Access-Control-Allow-Origin * (add a line like this)

#Open to specified domain names

Header set Access-Control-Allow-Origin http://www.***.com (or add a line like this)

Restart apache to take effect.

Option 2: Add cross-domain settings to the PHP code

$origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : "*";
header('Access-Control-Allow-Origin:' . $origin);
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Headers: Content-Type, X-Requested-With, Cache-Control,Authorization");

Advantages: You can enable cross-domain based on the whitelist. Sending cookies and other credentials will not be intercepted.
Disadvantages: Static files such as files are not processed by PHP and will still be intercepted across domains. The
above code does not add a whitelist. Add it yourself if needed.

Option 3: Add settings in .htaccess

Modify the .htaccess configuration file and restart apache to take effect

SetEnvIf Origin "^http(s)?://(.+\.)?(submit.magazine.ubandev.com|localhost:8080)$" origin_is=$0
Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is
Header set Access-Control-Allow-Credentials true

Advantages: No need to modify the apache domain name configuration. Static files can also set response headers and can cross domains. After regularization, the response header has only one domain name and cookies can be sent.

Guess you like

Origin blog.csdn.net/weixin_42272246/article/details/128223665
Recommended
The United States plans to restrict the export of large AI models to China and Russia
Apple to reach agreement with OpenAI to bring ChatGPT to iPhone
Ranking
whisper-webui installation tutorial is silky and easy to use
[Base] Laravel concepts laravel basis, the custom service provider: Contracts, ServiceContainer, ServiceProvider, Facades relations
Import torchvision error problem solving DLL: module not found
observer & watch & notify = pub & sub
A small turntable program [HTML + CSS + JS]
CorelDRAW 2018 shortcuts Daquan
Supervise el botón de menú para lograr un gatillo de presión prolongada
JS将时间秒转换成天小时分钟秒的字符串
RIP basic configuration
[Deleted] solution to a problem a few questions (Noip1994)
Daily
More
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)

Code World

© 2018 codetd.com