在AngularJS中,我的Restful API在子域中,但是我遇到了一个问题,即cookie/session不能在不同的域之间共享。对于Angular,我正在执行以下操作:
现在我看到服务器说它将允许凭据,但在选项请求中没有发送。如下屏幕截图所示。 我做错了什么吗?
app.config(['$httpProvider',
function($httpProvider) {
$httpProvider.defaults.useXDomain = true;
$httpProvider.defaults.withCredentials = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];
}]);
同时,当我使用 $http 发送请求时,我正在执行以下操作:
var object = {};
object.url = '/example'
object.withCredentials = true;
$http(object).success(object.success).error(object.error);
在我的服务器端,我有:
if($_SERVER['REQUEST_METHOD']=='OPTIONS') {
if(isset($_SERVER['HTTP_X_FOWARDED_HOST']) && !empty($_SERVER['HTTP_X_FOWARDED_HOST'])) {
$origin=$_SERVER['HTTP_X_FOWARDED_HOST'];
} else {
$origin=$_SERVER['HTTP_ORIGIN'];
}
if(isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']) && ($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']=='POST' || $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']=='DELETE' || $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']=='PUT')) {
header('Access-Control-Allow-Origin: '.$origin);
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers: *,X-Requested-With,Content-Type');
//header('Access-Control-Allow-Headers: Content-Type');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT');
// https://dev59.com/yHVC5IYBdhLWcg3wbgdS#7605119
header('Access-Control-Max-Age: 86400');
}
}
现在我看到服务器说它将允许凭据,但在选项请求中没有发送。如下屏幕截图所示。 我做错了什么吗?