Cross-Origin Request: making cross-domain requests
JSONP
CORS: Cross-Origin Resource Sharing
header('Access-Control-Allow-Origin: https://your.domain');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept');
// Cache lifetime in seconds: the preflight result stays valid for this period, saving the resources spent on OPTIONS requests
header('Access-Control-Max-Age: 1728000');
// Must be added if login is required
header('Access-Control-Allow-Credentials: true');
- Can Ajax make a Cross-Origin Login?
- MDN: HTTP access control (CORS)
- enable-cors.org: I want to add CORS support to my server
Wildcard '*' not working
CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
For security reasons, the wildcard cannot be used in Access-Control-Allow-Origin when the credentials flag is true.
Multiple Origin Demand
Solve this with preg_match()
/ fnmatch()
and $_SERVER['HTTP_ORIGIN'].
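One way to do the multiple-origin check above, as an added example that is not from the original page: an exact allowlist plus an anchored preg_match() pattern, echoing the single matched origin back and sending Vary: Origin. The origins, the `app.` sub-domain pattern and the function name cors_headers() are assumptions for illustration.

```php
<?php
// Added example: origin allowlist for credentialed CORS (placeholder origins).
const EXACT_ORIGINS = ['https://your.domain', 'https://admin.your.domain'];
// \A and \z anchor the whole string ("$" would still accept a trailing newline),
// so a longer look-alike host cannot match.
const ORIGIN_PATTERN = '#\Ahttps://[a-z0-9-]+\.app\.your\.domain\z#';

function cors_headers(?string $origin, string $method): array
{
    // The response depends on Origin, so shared caches must key on it.
    $headers = ['Vary: Origin'];
    if ($origin === null) {
        return $headers;              // no Origin header: not a CORS request
    }
    $allowed = in_array($origin, EXACT_ORIGINS, true)
        || preg_match(ORIGIN_PATTERN, $origin) === 1;
    if (!$allowed) {
        return $headers;              // no CORS headers: the browser blocks the read
    }
    // Echo the one matched origin; '*' is not accepted together with credentials.
    $headers[] = 'Access-Control-Allow-Origin: ' . $origin;
    $headers[] = 'Access-Control-Allow-Credentials: true';
    if ($method === 'OPTIONS') {      // preflight-only headers
        $headers[] = 'Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS';
        $headers[] = 'Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept';
        $headers[] = 'Access-Control-Max-Age: 1728000';
    }
    return $headers;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample origins, printed with the headers each would receive.
    $samples = ['https://your.domain', 'https://eu.app.your.domain',
                'https://your.domain.other.example', 'http://your.domain', 'null'];
    foreach ($samples as $o) {
        echo $o, ' => ', implode(' | ', cors_headers($o, 'GET')), PHP_EOL;
    }
} else {
    $origin = $_SERVER['HTTP_ORIGIN'] ?? null;
    foreach (cors_headers($origin, $_SERVER['REQUEST_METHOD']) as $h) {
        header($h);
    }
}
```

Run from the command line, the first two sample origins receive the Allow-Origin and Allow-Credentials headers and the last three receive only `Vary: Origin`.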
Others
Explainers
Front-end
- How to get Response headers in AJAX
Detecting a redirect in jQuery $.ajax?
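XHR: getting the redirectURL from the header
// jQuery: the third argument of the .done() callback is the jqXHR object.
// `url` is a placeholder for the request URL.
$.ajax(url).done(function (res, status, xhr) {
  console.log(xhr.getAllResponseHeaders());
});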