Enable Cross-Origin Resource Sharing (CORS) on CodeIgniter

- What is Same Origin Policy

The same-origin policy allows only pages from the same origin to share data, in order to prevent Cross-Site Request Forgery attacks. Two URLs have the same origin when their protocol, port and domain name all match. Resource sharing within the same origin is open and freely accessible, but sharing resources with a different domain is limited. Cross-domain AJAX requests are forbidden because they can perform POST, PUT, DELETE and other types of HTTP requests, which creates security issues.

- What is CORS

CORS (Cross-Origin Resource Sharing) is a mechanism that allows different origins to share resources by setting a special header. By naming a specific origin in the header, you allow only that origin to load resources from the API. So you can't use CORS unless the owner of the server-side application gives you access.

- An Example

We are using an API implemented in CodeIgniter with REST SERVER. Our API is on a different domain from the page that uses it. One solution was to enable a browser extension that allows CORS resource sharing on every browser, but not all browsers have one available.

Instead of adding the extension to each browser, we preferred to set the Access-Control-Allow-Origin header in the API responses:

header('Access-Control-Allow-Origin: *');

This is not recommended, though, because it allows any origin to access the API's resources. It is suitable for cases where the content must be publicly available, or in the object-capability model, where pages have unguessable URLs and are meant to be accessible to anyone who knows the secret.

Also, we can allow only specific methods, which is safer when we don't want every origin to be able to use the POST or DELETE method, for instance.

You can allow all of the methods by adding this:

header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");

In the case of REST SERVER, we set these headers in the constructor of the REST SERVER controller.

Rest Server constructor changes

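public function __construct($config = 'rest')
{
    // Wildcard: any origin may read the API's responses.
    header('Access-Control-Allow-Origin: *');
    // Methods a cross-origin page is allowed to use.
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE");
    parent::__construct();
}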
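
For an API that should not be open to every origin, the wildcard can be replaced with an allowlist check. The following is an added example, not code from the original post or from REST SERVER: cors_headers(), ALLOWED_ORIGINS, ALLOWED_METHODS and the example.com origins are assumptions made for illustration, and the web-request branch is what would stand in for the two header() calls in the constructor.

```php
<?php
// Added example; cors_headers() is a hypothetical helper, not part of REST SERVER.
// The origins below are constructed placeholders.
const ALLOWED_ORIGINS = ['https://app.example.com', 'https://admin.example.com'];
const ALLOWED_METHODS = ['GET', 'POST', 'OPTIONS'];

/**
 * Build the CORS response headers for one request.
 * An Origin that is missing or not allowlisted gets no Access-Control-* headers,
 * so the browser refuses to expose the response to that page.
 */
function cors_headers(?string $origin, array $origins, array $methods): array
{
    // The response differs per Origin, so shared caches must key on it.
    $headers = ['Vary: Origin'];
    // Exact string comparison only: no prefix, suffix or regex matching.
    if ($origin === null || !in_array($origin, $origins, true)) {
        return $headers;
    }
    $headers[] = 'Access-Control-Allow-Origin: ' . $origin;
    $headers[] = 'Access-Control-Allow-Methods: ' . implode(', ', $methods);
    return $headers;
}

if (PHP_SAPI !== 'cli') {
    // Web request: emit the headers before any output.
    foreach (cors_headers($_SERVER['HTTP_ORIGIN'] ?? null, ALLOWED_ORIGINS, ALLOWED_METHODS) as $h) {
        header($h);
    }
    // A preflight needs only the headers, not the controller's action.
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
        http_response_code(204);
        exit;
    }
} else {
    // Command line: show the decision for constructed sample origins.
    $samples = ['https://app.example.com', 'https://app.example.com.other.example', null];
    foreach ($samples as $origin) {
        echo var_export($origin, true), ' => ',
            implode(' | ', cors_headers($origin, ALLOWED_ORIGINS, ALLOWED_METHODS)), PHP_EOL;
    }
}
```

Run from the command line, only the first sample origin receives Access-Control-Allow-Origin; the lookalike hostname and the missing Origin get Vary: Origin alone.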