Option 1: Allow cross-domain directly in the domain name configuration
Disadvantages: Lack of security. Bus, anyone can access it. It is equivalent to completely giving up cross-domain control.
And login credentials cannot be sent, and sending cookies, etc. will still be blocked.
1. Modify the apache/conf/httpd.conf file
Find #LoadModule headers_module modules/mod_headers.so and remove the # annotation to enable the apache header information custom module
2. Find your virtual host file. Note that it is a cross-domain website. The specific content is this file.
It may be different, but <Directory> </Directory> remains unchanged
<VirtualHost *:80>
DocumentRoot "E:/www/"
ServerName test..com
ServerAlias *.test.com
<Directory "E:/www/">
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Add the following configuration before </Directory> in this configuration:
#Open to all domain names
Header set Access-Control-Allow-Origin * (add a line like this)
#Open to specified domain names
Header set Access-Control-Allow-Origin http://www.***.com (or add a line like this)
Restart apache to take effect.
Option 2: Add cross-domain settings to the PHP code
$origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : "*";
header('Access-Control-Allow-Origin:' . $origin);
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Headers: Content-Type, X-Requested-With, Cache-Control,Authorization");
Advantages: You can enable cross-domain based on the whitelist. Sending cookies and other credentials will not be intercepted.
Disadvantages: Static files such as files are not processed by PHP and will still be intercepted across domains. The
above code does not add a whitelist. Add it yourself if needed.
Option 3: Add settings in .htaccess
Modify the .htaccess configuration file and restart apache to take effect
SetEnvIf Origin "^http(s)?://(.+\.)?(submit.magazine.ubandev.com|localhost:8080)$" origin_is=$0
Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is
Header set Access-Control-Allow-Credentials true
Advantages: No need to modify the apache domain name configuration. Static files can also set response headers and can cross domains. After regularization, the response header has only one domain name and cookies can be sent.