Geek Answers Handbook

CORS for HTML5 Hybrid Application

I read a lot of things about CORS and how to resolve Access-Control-Allow-Origin: * security vulnerability for the web server. But none of the articles explained how we can allow an HTML5 hybrid application to access web services hosted in a domain that have disabled the char * wildcard

My question is: as far as I know, the HTML5 hybrid application does not start in any particular domain that we can set as a whitelist in Access-Control-Allow-Origin lists. Then, how can we access web service data from hybrid APP request data via an ajax call through a web server that denies * in the Access-Control-Allow-Origin tag?

+4
source share
4 answers

When launched on the device, your application will be launched in a browser, but will be launched from the local file system (from a location similar to the file: //path/to/index.html). Therefore, the source does not exist. The browser will not execute the pre-election campaign request and will not block API calls due to cross-origin issues, simply because there is no source.

, . , , . ( ) CORS, . , API ( ), CORS .

+1

, phonegap, jquery ajax. CORS php .htaccess, , .

.htaccess

Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

.php , -. , *

<?php
header('Access-Control-Allow-Origin: *');  
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Content-Range, Content-Disposition, Content-Description');
?>
0

, . , . ,

in .htaccess file

Header set Access-Control-Allow-Origin: http://yourdomain-you-are-connecting-from.com


or in php



header("Access-Control-Allow-Origin: http://yourdomain-you-are-connecting-from.com");
0

, . -. , jquery json . . , .

OK, I ask you another question? when you click url link in your application, it works by going to the page. what happened.

0
source

More articles:


All Articles