dsiimyoc804955 2018-03-03 16:56 采纳率: 100%
浏览 100
已采纳

具有子域的Laravel应用程序,可以通过CNAME链接到其他域

I'm trying to create an application architecture similar to that of Shopify's.

I am running this application from Forge and I've set up the necessary configuration for wildcard DNS to work.

At the moment people can sign up to my Laravel Spark app and then a subdomain will be created dynamically for them at:

Route::group(['domain' => '{company}.app.com'], function () {
    Route::get('/', 'SubdomainController@index');
});

So if they register an account and set the company name as Company then they will have a subdomain created at company.app.com. This subdomain returns a view with data related to their account (It pretty much returns a custom website for my user).

I'd like to give users the ability to mirror their site at company.app.com to their own domain address. I have tried setting up a mask within GoDaddy on a spare domain I have to test this however it doesn't seem to work :( I get this error in the console:

Refused to display 'http://company.app.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

So I'm guessing this is definitely not the right way to do it.

After this happened I looked at how other companies managed this and it looks like they create an A record and CNAME that points to the root of their app. Shopify's guide explains that they add their IP as an A record and then the CNAME is set as the shops.myshopify.com domain.

So now I'm left wondering how I can point requests in the right direction when they land on my app. So for example if traffic hits random.com and it has an A record that is equal to my servers IP, plus a CNAME of app.com, then how do I handle the request and redirect it to the correct subdomain whilst keeping the user on their custom domain?

Thanks, Nick

  • 写回答

1条回答 默认 最新

  • dongsu3654 2018-03-03 18:40
    关注

    It's much easier than that. Your server is setting the X-Frame-Options header to SAMEORIGIN which means content from your site can only be rendered within a frame if that frame is on your domain.

    You either get rid of that totally, so anyone can frame your content on any site, or you save your customers domains and do some sort of database lookup on the fly, or configure some sort of specific url for them to use for content linking which proxies to their directory on your server and has a part of the url which you can capture as a variable to use in your server config. Then you set your header to allow from their domain only.

    So embed.myapp.com/example.com could serve the content from example.myapp.com and add the header

    X-Frame-Options: ALLOW-FROM https://example.com/

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥60 优博讯DT50高通安卓11系统刷完机自动进去fastboot模式
  • ¥15 minist数字识别
  • ¥15 在安装gym库的pygame时遇到问题,不知道如何解决
  • ¥20 uniapp中的webview 使用的是本地的vue页面,在模拟器上显示无法打开
  • ¥15 网上下载的3DMAX模型,不显示贴图怎么办
  • ¥15 关于#stm32#的问题:寻找一块开发版,作为智能化割草机的控制模块和树莓派主板相连,要求:最低可控制 3 个电机(两个驱动电机,1 个割草电机),其次可以与树莓派主板相连电机照片如下:
  • ¥15 Mac(标签-IDE|关键词-File) idea
  • ¥15 潜在扩散模型的Unet特征提取
  • ¥15 iscsi服务无法访问,如何解决?
  • ¥15 感应式传感器制作的感应式讯响器