本文翻译自:Access-Control-Allow-Origin wildcard subdomains, ports and protocols
I'm trying to enable CORS for all subdomains, ports and protocol. 我正在尝试为所有子域,端口和协议启用CORS。
For example, I want to be able to run an XHR request from http://sub.mywebsite.com:8080/ to https://www.mywebsite.com/ * 例如,我希望能够运行从http://sub.mywebsite.com:8080/到https://www.mywebsite.com/的XHR请求*
Typically, I'd like to enable request from origins matching (and limited to): 通常,我想启用来自匹配(并限于)的来源的请求:
//*.mywebsite.com:*/*
#1楼
参考:https://stackoom.com/question/WKUc/Access-Control-Allow-Origin通配符子域-端口和协议
#2楼
The CORS spec is all-or-nothing. CORS规格全有或全无。 It only supports *
, null
or the exact protocol + domain + port: http://www.w3.org/TR/cors/#access-control-allow-origin-response-header 它仅支持*
, null
或确切的协议+域+端口: http : //www.w3.org/TR/cors/#access-control-allow-origin-response-header
Your server will need to validate the origin header using the regex, and then you can echo the origin value in the Access-Control-Allow-Origin response header. 您的服务器将需要使用正则表达式验证原始标头,然后可以在Access-Control-Allow-Origin响应标头中回显原始值。
#3楼
EDIT : Use