Nginx implements AJAX cross-domain requests

More: http://www.webyang.net/Html/web/article_135.html

This is how HTTP cross-domain requests are implemented in the latest W3C standard,

Cross-Origin Resource Sharing
To put it simply, it is The cross-domain target server returns a series of headers, and these headers are used to control whether to agree to cross-domain.
These Headers are:
4 Syntax
4.1 Access-Control-Allow-Origin HTTP Response Header
4.2 Access-Control-Max-Age HTTP Response Header
4.3 Access-Control-Allow-Credentials HTTP Response Header
4.4 Access-Control- Allow-Methods HTTP Response Header
4.5 Access-Control-Allow-Headers HTTP Response Header
4.6 Origin HTTP Request Header
4.7 Access-Control-Request-Method HTTP Request Header
4.8 Access-Control-Request-Headers HTTP Re quest Header
is here There are some in the Request package and the Response package.
The most sensitive one is the Access-Control-Allow-Origin Header, which is used in the W3C standard to check whether the cross-domain request can be passed. (Access Control Check)
So if you need to cross domains, the solution is to add Access-Control-Allow-Origin to the header of the resource to specify the domain you authorize. It doesn’t matter to me here, just specify the asterisk *, and any domain can access me H.

The specific operation method can be controlled through different entrances:

1. PHP code control:

<ol><li value="1"><span><?</span><span>php</span></li><li><span>header</span><span>(</span><span>"Access-Control-Allow-Origin: *"</span><span>);</span></li><li><span>?></span></li></ol>

2. HTML header control:

<ol><li value="1"><span><meta</span><span></span><span>http-equiv</span><span>=</span><span>"Access-Control-Allow-Origin"</span><span></span><span>content</span><span>=</span><span>"*"</span><span>></span></li></ol>

3. nginx configuration:

<ol>
<li value="1">
<span>location </span><span>/</span><span></span><span>{</span>
</li>
<li>
<span>  add_header </span><span>Access</span><span>-</span><span>Control</span><span>-</span><span>Allow</span><span>-</span><span>Origin</span><span></span><span>*;</span>
</li>
<li><span>}</span></li>
</ol>

saw on the Internet that someone would add three sentences to nginx.conf:

<ol>
<li value="1"><span>#授权从other.subdomain.com的请求</span></li>
<li>
<span>add_header </span><span>'Access-Control-Allow-Origin'</span><span></span><span>'http://other.subdomain.com'</span><span>;</span>
</li>
<li><span>#当该标志为真时，响应于该请求是否可以被暴露</span></li>
<li>
<span>add_header </span><span>'Access-Control-Allow-Credentials'</span><span></span><span>'true'</span><span>;</span>
</li>
<li><span>#指定请求的方法，可以是GET，POST等</span></li>
<li>
<span>add_header </span><span>'Access-Control-Allow-Methods'</span><span></span><span>'GET'</span><span>;</span>
</li>
</ol>

But I tested it myself and it’s not necessary. In addition, if you want to specify a specific domain name, just modify *, which is usually the second-level domain name of an open site.

The above introduces Nginx to implement AJAX cross-domain requests, including aspects of the content. I hope it will be helpful to friends who are interested in PHP tutorials.