Eva\EvaEngine\Mvc\Controller\ControllerBase::cors PHP Method

cors() public method

Handles cross-domain (CORS) requests.
public cors ( string $allowCredentials = 'true', string $allowMethods = 'GET, POST, PUT, DELETE, OPTIONS', string $allowHeaders = null )
$allowCredentials string Access-Control-Allow-Credentials
$allowMethods string Access-Control-Allow-Methods
$allowHeaders string Access-Control-Allow-Headers
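    /**
     * Handle a cross-origin (CORS) request.
     *
     * Returns without doing anything when the request has no Origin header.
     * Otherwise the Origin is checked against the `cors` whitelist from the DI
     * config, and a non-matching origin ends the script with `exit`. For an
     * allowed origin the Access-Control-* headers are set; an OPTIONS
     * (preflight) request is then sent immediately and the script ends.
     *
     * Security: the request's Origin is echoed back in
     * Access-Control-Allow-Origin, by default together with
     * Access-Control-Allow-Credentials: true, so the whitelist match alone
     * decides which sites may read credentialed responses. The previous plain
     * string-suffix test accepted any origin that merely ended with a
     * whitelisted name (whitelisting "example.com" also admitted
     * "notexample.com"); the match is now made on a host-label boundary.
     *
     * @param string      $allowCredentials Value for Access-Control-Allow-Credentials
     * @param string      $allowMethods     Value for Access-Control-Allow-Methods
     * @param string|null $allowHeaders     Value for Access-Control-Allow-Headers;
     *                                      a built-in default list is used when null
     * @return void
     */
    public function cors($allowCredentials = 'true', $allowMethods = 'GET, POST, PUT, DELETE, OPTIONS', $allowHeaders = null)
    {
        if (empty($_SERVER['HTTP_ORIGIN'])) {
            return;
        }
        if ($allowHeaders == null) {
            $allowHeaders = 'Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma,' . 'Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With';
        }

        $origin = (string) $_SERVER['HTTP_ORIGIN'];

        // Reduce the Origin to "host[:port]" so whitelist entries are compared
        // against the host itself, not against the raw header string.
        $authority = '';
        $parts = parse_url($origin);
        if (is_array($parts) && !empty($parts['host'])) {
            $authority = strtolower($parts['host']);
            if (isset($parts['port'])) {
                $authority .= ':' . $parts['port'];
            }
        }

        $config = $this->getDI()->getConfig();
        $checked = false;
        // Whitelist check.
        // NOTE(review): entries are presumably bare host names ("example.com")
        // or dot-prefixed suffixes (".example.com") - confirm against the config.
        foreach ($config->cors as $domain) {
            $allowed = strtolower(trim((string) $domain['domain']));
            if ($allowed === '') {
                continue;
            }
            if (strpos($allowed, '://') !== false) {
                // Entry names a full origin (scheme included): exact match only.
                $matched = strtolower($origin) === $allowed;
            } else {
                // Exact host, or a subdomain of it. The leading dot forces the
                // match to start at a label boundary; a dot-prefixed entry keeps
                // matching subdomains only, as it did before.
                $suffix = $allowed[0] === '.' ? $allowed : '.' . $allowed;
                $matched = $authority === $allowed
                    || substr($authority, -strlen($suffix)) === $suffix;
            }
            if ($matched) {
                $checked = true;
                break;
            }
        }
        if (!$checked) {
            exit;
        }

        // NOTE(review): the response now depends on the request's Origin; if it
        // can be stored by a shared cache, it should also carry `Vary: Origin`.
        // NOTE(review): scheme-less entries admit http:// origins too, and every
        // subdomain of an entry is trusted with credentials - confirm both are intended.
        $this->response->setHeader('Access-Control-Allow-Credentials', (string) $allowCredentials);
        $this->response->setHeader('Access-Control-Allow-Origin', $origin);
        $this->response->setHeader('Access-Control-Allow-Methods', $allowMethods);
        $this->response->setHeader('Access-Control-Allow-Headers', $allowHeaders);
        if (strtoupper($this->request->getMethod()) == 'OPTIONS') {
            // Preflight: the headers are the whole answer, so send them and stop.
            $this->response->send();
            exit;
        }
    }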