dsiimyoc804955 2018-03-03 16:56 Acceptance rate: 100%
Views: 100


I'm trying to create an application architecture similar to that of Shopify's.

I am running this application from Forge and I've set up the necessary configuration for wildcard DNS to work.

At the moment people can sign up to my Laravel Spark app and then a subdomain will be created dynamically for them at:

// Every {company}.app.com subdomain is routed to the same controller
Route::group(['domain' => '{company}.app.com'], function () {
    Route::get('/', 'SubdomainController@index');
});

So if they register an account and set the company name as Company then they will have a subdomain created at company.app.com. This subdomain returns a view with data related to their account (It pretty much returns a custom website for my user).

I'd like to give users the ability to mirror their site at company.app.com to their own domain address. I have tried setting up a mask within GoDaddy on a spare domain I have to test this however it doesn't seem to work :( I get this error in the console:

Refused to display 'http://company.app.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

So I'm guessing this is definitely not the right way to do it.

After this happened I looked at how other companies managed this and it looks like they create an A record and CNAME that points to the root of their app. Shopify's guide explains that they add their IP as an A record and then the CNAME is set as the shops.myshopify.com domain.

So now I'm left wondering how I can point requests in the right direction when they land on my app. So for example if traffic hits random.com and it has an A record that is equal to my server's IP, plus a CNAME of app.com, then how do I handle the request and redirect it to the correct subdomain whilst keeping the user on their custom domain?

Thanks, Nick

1 answer

  • dongsu3654 2018-03-03 18:40

    It's much easier than that. Your server is setting the X-Frame-Options header to SAMEORIGIN which means content from your site can only be rendered within a frame if that frame is on your domain.

    You either get rid of that totally, so anyone can frame your content on any site, or you save your customers' domains and do some sort of database lookup on the fly, or configure some sort of specific URL for them to use for content linking which proxies to their directory on your server and has a part of the URL which you can capture as a variable to use in your server config. Then you set your header to allow from their domain only.

    So embed.myapp.com/example.com could serve the content from example.myapp.com and add the header

    X-Frame-Options: ALLOW-FROM https://example.com/

    This answer was selected by the asker as the best answer.
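
The lookup the accepted answer describes, sketched in plain PHP as an added example (not code from the thread or from Laravel): the allowed framing origin comes from a stored tenant-to-domain map, never from a value the request supplies. `CUSTOM_DOMAINS` and `framingHeaders()` are hypothetical names with constructed data, and the customer domains are assumed to be served over HTTPS; because current browsers ignore `X-Frame-Options: ALLOW-FROM`, the sketch also sends the CSP `frame-ancestors` directive, which they do enforce.

```php
<?php
// Added example. Constructed sample data standing in for the database lookup:
// tenant subdomain => the customer's verified custom domain.
const CUSTOM_DOMAINS = [
    'company' => 'random.com',
    'example' => 'example.com',
];

/** Build the framing headers for a request whose Host is {tenant}.app.com. */
function framingHeaders(string $host, string $appDomain = 'app.com'): array
{
    // Normalise the Host header: lower-case, drop any port and trailing dot.
    $host = rtrim(preg_replace('/:\d+$/', '', strtolower($host)), '.');
    $suffix = '.' . $appDomain;

    $tenant = null;
    if (substr($host, -strlen($suffix)) === $suffix) {
        $label = substr($host, 0, -strlen($suffix));
        // Accept exactly one DNS label, so "a.b.app.com" never matches a tenant.
        if (preg_match('/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/', $label)) {
            $tenant = $label;
        }
    }

    $customDomain = $tenant !== null ? (CUSTOM_DOMAINS[$tenant] ?? null) : null;
    if ($customDomain === null) {
        // Unknown tenant or no registered domain: keep the restrictive default.
        return [
            'X-Frame-Options'         => 'SAMEORIGIN',
            'Content-Security-Policy' => "frame-ancestors 'self'",
        ];
    }

    // The origin is taken from stored data only, never from Referer or Origin.
    $origin = 'https://' . $customDomain;
    return [
        'X-Frame-Options'         => 'ALLOW-FROM ' . $origin . '/',
        'Content-Security-Policy' => "frame-ancestors 'self' " . $origin,
    ];
}

// Constructed sample hosts: two known tenants, an unknown tenant, a foreign host.
foreach (['company.app.com', 'example.app.com:443', 'unknown.app.com', 'other.test'] as $h) {
    echo $h, "\n";
    foreach (framingHeaders($h) as $name => $value) {
        echo "  $name: $value\n";
    }
}
```

In a Laravel app the same function would be called from a response middleware, with the array replaced by a query against the table that stores each customer's domain.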


