CORS
// "*" lets a page on any origin read this response. In production, replace it
// with the specific origin that is meant to call this endpoint.
header('Access-Control-Allow-Origin: *');

// A CORS preflight arrives as an OPTIONS request: announce the request headers
// that are accepted, then stop before any application code runs.
if ('OPTIONS' == $_SERVER['REQUEST_METHOD']) {
    header('Access-Control-Allow-Headers: X-Requested-With,Content-Type');
    exit();
}
Ajax跨域默认不携带COOKIE
PHP
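// Origins allowed to call this endpoint with cookies. Each entry must be a full
// origin (scheme + host, plus the port when it is not the default): a bare host
// name such as "domain.com" never equals the Origin header a browser sends, so
// the browser would reject the response. Drop the http:// entry once the site
// is served over HTTPS only, because a credentialed allowlist fully trusts
// every origin it contains.
$allowedOrigins = ['https://domain.com', 'http://domain.com'];

$requestOrigin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
if (in_array($requestOrigin, $allowedOrigins, true)) {
    // Echo the origin only after an exact allowlist match; reflecting the
    // header unchecked would grant credentialed access to every site.
    header('Access-Control-Allow-Origin: ' . $requestOrigin);
    // Because credentials are enabled here, the origin above must not be *.
    header('Access-Control-Allow-Credentials: true');
    // The response now depends on the Origin header, so caches must key on it.
    header('Vary: Origin');
}

// A CORS preflight arrives as an OPTIONS request: announce the request headers
// that are accepted, then stop before any application code runs.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    header('Access-Control-Allow-Headers: X-Requested-With,Content-Type');
    exit();
}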
jQuery
// Cross-origin POST that opts in to sending cookies. The server must answer
// with Access-Control-Allow-Credentials: true and a non-wildcard
// Access-Control-Allow-Origin, otherwise the browser withholds the response.
$.ajax({
    type: 'POST',
    url: "http://api.domain.com",
    data: {id: 1},
    dataType: 'JSON',
    // withCredentials makes the underlying XMLHttpRequest include cookies on
    // a cross-origin request; they are omitted by default.
    xhrFields: {withCredentials: true},
    success: function (response) {
        console.log('Success');
    },
    error: function () {
        console.log('Error');
    }
});