跨域http请求 Access-Control-Allow-Origin
/*
限制 单个及多个 域名
$http_origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
// \/ 域名前加个 斜杠 / 用来区别 ce.domain1.com跟 domain1.com
if (preg_match('/\/ce.domain1.com|domain1.com$/i', $http_origin)) {
header('access-control-allow-origin: ' . $http_origin);
}
*/
$cunzai_YZ = strstr($_SERVER['HTTP_REFERER'],'xxx.com');
if($cunzai_YZ){
header('Access-Control-Allow-Origin:*');
header('Access-Control-Allow-Credentials:true');
header('Access-Control-Allow-Methods:POST,GET');
header('Access-Control-Allow-Headers:x-requested-with,content-type');
/*
小写的方式
header('access-control-allow-origin:*');
header('access-control-allow-credentials:true');
header('access-control-allow-methods:post,get');
header('access-control-allow-headers:x-requested-with,content-type');
*/
}