CORS wildcard with allowcredentials true

Question

CORS wildcard with allowcredentials true

I have a project in which I use wildcard subdomains, such as user.mysite.comwhere the username is a wildcard.

On my server (PHP) I set the following headers:

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: true');

This allows me to make ajax calls from the external interface, since I do not know what the domain will be. However, I also need my cookies to be sent with session support requests, but when I tell AngularJS about my interface for sending credentials, I get the following message:

A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true

I understand this for security reasons, but now I have no way to manage the sessions in my application. Can anyone suggest a workaround for this?

Where can I tell Angular to send credentials:

$httpProvider.defaults.withCredentials = true;

ajax . .. url billy.mysite.com, ajax api.mysite.com.

+4

angularjs ajax php cors laravel

iamjonesy 02 . '14 13:04

2

Koushik Samanta · Answer 1 · 2014-09-22T11:20:07+0000

@iamjonesy - .

"A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true"

, . , api http://api.com. , ajax, http://ui.com

PHP :

header('Access-Control-Allow-Origin: http://ui.com');
header('Access-Control-Allow-Credentials: true');

angular config.js

$httpProvider.defaults.withCredentials = true;

, " *" $httpProvider.defaults.withCredentials, , ajax.

kojo · Answer 2 · 2014-07-03T12:11:20+0000

PeeHaa :

, - :

~~header('Access-Control-Allow-Origin: '.$requestHeaders['Host']);~~

!

, , . , header('Access-Control-Allow-Origin: *'); .

, , , - , Access-Control-Allow-Origin user cookie ( API).

. - , , Host Access-Control-Allow-Origin.

CORS wildcard with allowcredentials true

More articles: