* or http://xxx
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods:POST,GET");
header("Access-Control-Allow-Headers:x-requested-with,content-type");
header("Content-type:text/json;charset=utf-8");
header("Access-Control-Allow-Credentials:true") 携带cookie
header("Access-Control-Allow-Headers:token,appsecret,Content-Type") 小程序调用时