{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Rolldiameter 的问题《Access-Control-Allow-Origin syntax》','https://www.manongdao.com/q-557791.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I want allow Cross-origin resource sharing from all the sub-domain of from.example.com. So I added Cross-origin resource sharing header as given below to a page in subdomain1.to.example.com.
<?php header('Access-Control-Allow-Origin: *.from.example.com');
And I tried to access the page form subdomain1.from.example.com using ajax. I didn't get the response. So I just changed the above header as given below.
<?php header('Access-Control-Allow-Origin: http://subdomain1.from.example.com');
It works well for the subdomain1.from.example.com only.
What was the issue with first header?
Wildcards are not allowed in the
Access-Control-Allow-Originheader. It has to be an exact match. You can either allow all domains by setting the value to*, or conditionally echo the value of theOriginrequest header if it matches one of your allowed domains.Note that the Origin spec allows for multiple origins separated by a space. However I am not sure if this works with the
Access-Control-Allow-Originheader. It may be worth a try.