weixin_33709609 2015-12-21 07:07 采纳率: 0%
浏览 53

用PHP实现CORS

Simply I'm making an app using Codeigniter as PHP framework and I'm using API for rendering the view on cross site with ajax request. Now my problem is I have hosted all my files in one site say homnath.com.np and provided the API key to different websites by storing their webURL into database, say abc.com, xyz.com and many others. Now when xyz.com hits in my site homnath.com by ajax, how could I know the webURL that is hitting on my site homnath.com by API key, and how to allow for it for CORS if it is a valid and listed website. Moreover I have used header("Access-Control-Allow-Origin: *"); to allow for all webURLS and now I want to filter them and provide access to only those which are listed on my database. How can I do it in controller of codeigniter. I want to block for rest of the sites.

  • 写回答

1条回答 默认 最新

  • python小菜 2016-01-08 08:14
    关注

    for this you can check for the URL as

             $incomingOrigin = $webURL;

         $hotdat = array();
          foreach ($hotelURL as $releted){         //$hotelURL is an array from your database
          $addURL = $releted->url;              // $releted->url the db field name for url
         array_push($hotdat, $addURL);
         }

       if ($incomingOrigin !== null && isOriginAllowed($incomingOrigin, $hotdat)== TRUE)
      {
       header("Access-Control-Allow-Origin: $incomingOrigin");
     }else{
        echo ("CSRF protection in POST request: detected invalid Origin header: " . $incomingOrigin);
   header("Access-Control-Allow-Origin: http://bookingpoints.com");
     }
    评论

报告相同问题?