.htaccess - 访问控制允许原始多个域？(Access-Control-Allow-Origin Multiple Origin Domains?)

Question

Is there a way to allow multiple cross-domains using the Access-Control-Allow-Origin header?

(有没有一种方法可以使用Access-Control-Allow-Origin标头允许多个跨域？)

I'm aware of the * , but it is too open.

(我知道* ，但是它太开放了。)

I really want to allow just a couple domains.

(我真的只想允许几个域名。)

As an example, something like this:

(例如，如下所示：)

Access-Control-Allow-Origin: http://domain1.example, http://domain2.example

I have tried the above code but it does not seem to work in Firefox.

(我已经尝试了上面的代码，但是它似乎在Firefox中不起作用。)

Is it possible to specify multiple domains or am I stuck with just one?

(是否可以指定多个域，还是我只能使用一个？)

  ask by Thomas J Bradley translate from so

Answer 1

Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you would like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.

(听起来，推荐的方法是让服务器从客户端读取Origin标头，然后将其与您希望允许的域列表进行比较，如果匹配，则将Origin标头的值回传给客户端作为响应中的Access-Control-Allow-Origin标头。)

With .htaccess you can do it like this:

(使用.htaccess您可以这样操作：)

# ----------------------------------------------------------------------
# Allow loading of external fonts
# ----------------------------------------------------------------------
<FilesMatch ".(ttf|otf|eot|woff|woff2)$">
    <IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www.)?(google.com|staging.google.com|development.google.com|otherdomain.example|dev02.otherdomain.example)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header merge Vary Origin
    </IfModule>
</FilesMatch>