接口很容易碰到跨域请求,如果跨域只要把域名加入到允许访问列表即可,但是由于获取域名方法不同造成能得到的域名格式有多种,以下是code中碰到过的问题能够比较全面解决的解决跨域的代码,分享出来供大家参考,也为自己做个笔记。
/**
* [返回json格式的结果]
* @method return_json
* @param array $return [description]
* @return [type] [json格式,默认为0,0:数组格式,如[[1,2,3]], 1:对象格式,如{"0":{"0":1,"1":2,"2":3}}]
* @DateTime 2017-11-07T14:02:36+0800
* @Author Leen
*/
function return_json($return=[], $type=0)
{
header('Content-type: application/json');
$url = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : '';
$allow_origin = array(
'www.study.com',
'http://www.study.com',
'https://www.study.com'
);
if (!empty($url)) {
$url_arr = parse_url($url);
$origin = $url_arr['scheme'] . '://' . $url_arr['host'];
}
if (empty($url) || !in_array($origin, $allow_origin)) {
$origin = isset($_SERVER['HTTP_ORIGIN'])? $_SERVER['HTTP_ORIGIN'] : '';
if (empty($origin)) {
$origin = isset($_SERVER['HTTP_HOST'])? $_SERVER['HTTP_HOST'] : '';
}
}
if(in_array($origin, $allow_origin)){
// header("Access-Control-Allow-Origin: *"); // 允许任意域名发起的跨域请求
// header('Access-Control-Allow-Origin:'.$_SERVER["HTTP_HOST"]);
// header('Access-Control-Allow-Origin:'.$_SERVER["HTTP_ORIGIN"]); //直接测试可使用这个
header('Access-Control-Allow-Origin:'.$origin);
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
header('Access-Control-Allow-Methods: GET, POST, PUT');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Expose-Headers: X-Pagination-Current-Page');
header("Content-Type:application/json; charset=utf-8");
header('Cache-Control: max-age=86400, must-revalidate');
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
exit; // finish preflight CORS requests here
}
}else{
$return = [];
}
if ($type) {
echo json_encode($return, JSON_FORCE_OBJECT);exit;
}else{
echo json_encode($return);exit;
}
}
Autho:leedaning
本文地址:https://blog.csdn.net/leedaning/article/details/80860496