Reputation: 55
Is possible to allows cors access from one domain only in php
I am created a PHP RESP API application. I need to access this application from another domain using its API. Is it possible to specify cors domain in Header
<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");
...
The above code allows cors from every domain.But i need to allow cors from a specific domain only.
Upvotes: 2
Views: 6460
Answers (3)
Reputation:
This may not answer your immediate question, but personally I use the below to make sure content gets out only if on the proper host.
$host = 'example.com';
if ($_SERVER['HTTP_HOST'] != $host) {
header("Location: http://$host");
exit;
}
In .htaccess I set Header set X-Frame-Options "SAMEORIGIN" to further limit access.
Upvotes: 1
Reputation: 102
try below code:
<?php
// Cross-Origin Resource Sharing Header
header('Access-Control-Allow-Origin: http://base.com');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept');
?>
Upvotes: 6
Reputation: 2147
The solution to this issue is to use the $_SERVER['HTTP_ORIGIN'] variable to determine whether the request has come from an allowed domain. It has then set this:
try below code:
header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
Upvotes: -2
Related Questions
- CORS (cross origin resource sharing) using PHP
- enable cors in .htaccess
- How to enable CORS with PHP
- CORS / Access-Control-Allow-Origin
- CORS not working php
- CORS with php (Wordpress)
- CORS ORIGIN ISSUE
- Only allow a certain domain to access my php files
- Allow CORS in AngualrJS and PHP
- Access-Control-Allow-Origin syntax