{"id":406,"title":"ajax\u8de8\u57df\u8bfb\u4e0d\u5230cookie\u4ee5\u53ca\u63a5\u53e3\u8bf7\u6c42\u6210\u529f\u4f46\u662fajax\u4e0d\u8fdbsuccess\u800c\u8fdb\u5165error\u7684\u95ee\u9898","good":0,"bad":0,"hit":1743,"created_at":"2018-11-29 12:21:06","content":"

\u6700\u597d\u7684\u89e3\u51b3\u65b9\u6cd5\uff1a\u6700\u53ef\u4ee5\u8bbe\u7f6e\u591a\u4e2a\u57df\u540d\uff0c\u4e5f\u53ef\u4ee5\u5141\u8bb8cookie\u8de8\u57df<\/p>

$origin=isset($_SERVER['HTTP_ORIGIN'])?$_SERVER['HTTP_ORIGIN']:'';<\/p>

$allowDomain=[<\/p>

    'http:\/\/www.yunindex.com',<\/p>

    'http:\/\/web.yunindex.com'<\/p>

];<\/p>

if(in_array($origin,$allowDomain)){<\/p>

    header("Access-Control-Allow-Origin:".$_SERVER['HTTP_ORIGIN']);<\/p>

    header("Access-Control-Allow-Credentials: true");<\/p>

}<\/p>

\u5173\u4e8ewithCredentials\uff1a<\/p>

XMLHttpRequest.withCredentials  <\/strong>\u5c5e\u6027\u662f\u4e00\u4e2aBoolean<\/code><\/a>\u7c7b\u578b\uff0c\u5b83\u6307\u793a\u4e86\u662f\u5426\u8be5\u4f7f\u7528\u7c7b\u4f3ccookies,authorization headers(\u5934\u90e8\u6388\u6743)\u6216\u8005TLS\u5ba2\u6237\u7aef\u8bc1\u4e66\u8fd9\u4e00\u7c7b\u8d44\u683c\u8bc1\u4e66\u6765\u521b\u5efa\u4e00\u4e2a\u8de8\u7ad9\u70b9\u8bbf\u95ee\u63a7\u5236\uff08cross-site Access-Control<\/code>\uff09\u8bf7\u6c42\u3002\u5728\u540c\u4e00\u4e2a\u7ad9\u70b9\u4e0b\u4f7f\u7528withCredentials\u5c5e\u6027\u662f\u65e0\u6548\u7684\u3002<\/code><\/p>

\u6b64\u5916\uff0c\u8fd9\u4e2a\u6307\u793a<\/code>\u4e5f\u4f1a\u88ab\u7528\u505a\u54cd\u5e94\u4e2d<\/code>cookies \u88ab\u5ffd\u89c6\u7684\u6807\u793a\u3002\u9ed8\u8ba4\u503c\u662ffalse\u3002<\/p>

\u5982\u679c\u5728\u53d1\u9001\u6765\u81ea\u5176\u4ed6\u57df\u7684XMLHttpRequest\u8bf7\u6c42\u4e4b\u524d\uff0c\u672a\u8bbe\u7f6ewithCredentials<\/code> \u4e3atrue\uff0c\u90a3\u4e48\u5c31\u4e0d\u80fd\u4e3a\u5b83\u81ea\u5df1\u7684\u57df\u8bbe\u7f6ecookie\u503c\u3002\u800c\u901a\u8fc7\u8bbe\u7f6ewithCredentials<\/code> \u4e3atrue\u83b7\u5f97\u7684\u7b2c\u4e09\u65b9cookies\uff0c\u5c06\u4f1a\u4f9d\u65e7\u4eab\u53d7\u540c\u6e90\u7b56\u7565\uff0c\u56e0\u6b64\u4e0d\u80fd\u88ab\u901a\u8fc7document.cookie<\/a>\u6216\u8005\u4ece\u5934\u90e8\u76f8\u5e94\u8bf7\u6c42\u7684\u811a\u672c\u7b49\u8bbf\u95ee\u3002<\/p>

\u6ce8:<\/span> \u6c38\u8fdc\u4e0d\u4f1a\u5f71\u54cd\u5230\u540c\u6e90\u8bf7\u6c42<\/p>

Note:<\/span> <\/span>\u4e0d\u540c\u57df\u4e0b\u7684XmlHttpRequest<\/code> \u54cd\u5e94\uff0c\u4e0d\u8bba\u5176Access-Control-<\/code> header \u8bbe\u7f6e\u4ec0\u4e48\u503c\uff0c\u90fd\u65e0\u6cd5\u4e3a\u5b83\u81ea\u8eab\u7ad9\u70b9\u8bbe\u7f6ecookie\u503c\uff0c\u9664\u975e\u5b83\u5728\u8bf7\u6c42\u4e4b\u524d\u5c06withCredentials<\/code> \u8bbe\u4e3atrue\u3002<\/p>

\u539f\u6587\uff1ahttps:\/\/developer.mozilla.org\/zh-CN\/docs\/Web\/API\/XMLHttpRequest\/withCredentials<\/a><\/p>

<\/p>

<\/p>

\u6700\u8fd1\u5c1d\u8bd5\u53d1\u73b0\u4e0b\u9762\u8fd9\u79cd\u66f4\u597d\uff0c\u6240\u6709\u57df\u540d\u90fd\u53ef\u4ee5\u8bbf\u95ee\uff0c\u4f46\u662fcookie\u4e0d\u80fd\u8de8\u57df\uff1a<\/p>

header('content-type:application:json;charset=utf8');<\/p>

header('Access-Control-Allow-Origin:*');<\/p>

header('Access-Control-Allow-Methods:*');<\/p>

header('Access-Control-Allow-Headers:x-requested-with,content-type');<\/p>

<\/p>

<\/p>

\u4ee5\u4e0b\u662f\u4e4b\u524d\u7684<\/p>

\u5728test.hu-rong.com\u4e2d\u7528ajax\u8c03\u7528www.hu-rong.com<\/a>  \u7684\u63a5\u53e3\uff0c\u4e00\u76f4http 302\u8bfb\u4e0d\u5230cookie,\u8fd9\u662f\u7531\u4e8e\u8de8\u57df\u7684\u65f6\u5019\u8bfbcookies\u8981\u52a0\u4e0a<\/p>

xhrFields':{withCredentials: true}<\/pre>
\u5426\u5219\uff0c\u5982\u679c\u63a5\u53e3\u90a3\u8fb9\u6709\u9a8c\u8bc1cookies\u767b\u5f55\u72b6\u6001\u7684\u8bdd\uff0c\u662f\u83b7\u53d6\u4e0d\u5230cookies\u7684\uff0c\u8fd9\u6837\u4f1a\u88ab\u91cd\u5b9a\u5411\u5230\u767b\u5f55\u9875\u9762\uff0c\u6b64\u65f6\u63a5\u53e3\u5c31\u8fd4\u56de\u72b6\u6001\u7801302;<\/p>
\u4f46\u662f\u52a0\u4e86<\/p>
xhrFields:{withCredentials: true},<\/p>
crossDomain: true,<\/p>
\u540e\u5947\u602a\u7684\u662f\uff0c\u63a5\u53e3\u6b63\u5e38\u8fd4\u56de\u6570\u636e\uff0c\u4f46ajax\u5c31\u662f\u4e0d\u8fdb\u5165success\uff0c\u800c\u662f\u8fdb\u5165\u4e86error\u4e2d\uff0c\u540e\u6765\u53d1\u73b0\u8fd9\u79cd\u8bbe\u7f6e\u5fc5\u987b\u5c06\u63a5\u53e3\u90a3\u8fb9\u8de8\u57df\u7684header\u5934\u4e2dAccess-Control-Allow-Origin\u8bbe\u7f6e\u4e3a\u5177\u4f53\u57df\u540d\uff0c\u800c\u4e0d\u662f*<\/strong><\/p>
\u63a5\u53e3\u90a3\u8fb9\u8bbe\u7f6e\u5141\u8bb8\u8de8\u57df\uff0c\u7136\u540eajax\u8bf7\u6c42\u52a0\u4e0a\uff1a<\/p>
\u6298\u817e\u4e86\u5927\u534a\u5929\u4e0d\u5bb9\u6613\uff0c\u8f6c\u8f7d\u8bf7\u4fdd\u7559\u672c\u6587\u94fe\u63a5\uff1ahttp:\/\/www.hu-rong.com\/article\/406<\/a> <\/p>
<\/p>
\u793a\u4f8b\uff1a\u5728user.hu-rong.com<\/strong>\u4e2d\uff1a<\/p>
<!DOCTYPE html><\/p>
<html><\/p>
<head><\/p>
    <meta charset="UTF-8"><\/p>
    <title>Title<\/title><\/p>
    <script language="javascript" src="jquery.min.js"><\/script><\/p>
    <script><\/p>
        $(function(){<\/p>
            $.ajax({<\/p>
                type:'GET',<\/p>
                url:'http:\/\/www.hu-rong.com',<\/a> <\/p>
                xhrFields:{withCredentials: true},<\/strong><\/p>
                crossDomain: true,<\/strong><\/p>
                success:function(res){<\/p>
                    console.log(res);<\/p>
                    alert(2);<\/p>
                },<\/p>
                error:function(res){<\/p>
                    alert(1);<\/p>
                }<\/p>
            });<\/p>
        });<\/p>
    <\/script><\/p>
<\/head><\/p>
<body><\/p>
<\/p>
<\/body><\/p>
<\/html><\/p>
<\/p>
\u63a5\u53e3\u7aef\uff1a<\/p>
<\/p>
header("Access-Control-Allow-Origin:http:\/\/user.hu-rong.com<\/strong>");<\/p>
header("Access-Control-Allow-Credentials: true");<\/p>
<\/p>"}