返回列表

动态设置Access-Control-Allow-Origin

默认分类 2019/12/05 05:39

代码如下:

if (pp.indexOf('static/dist') > -1 || pp.indexOf('static\\dist') > -1 ||
    pp.indexOf('static/js') > -1 || pp.indexOf('static\\js') > -1) {
    res.setHeader('Cache-Control', 'public, max-age=31536000')
  } else {
    res.setHeader('Cache-Control', 'public, max-age=600')
  }
  if (pp.indexOf('14200') > -1) {
    var from = ''
    var headers = res.req && res.req.headers ? res.req.headers : {}
    for (var kk in headers) {
      if (!kk || !headers.hasOwnProperty(kk) || String(kk).toLowerCase() !== 'origin') continue;
      if (/[\.\/]antword\.com$/i.test(headers[kk])) from = headers[kk]
    }
    res.setHeader('Access-Control-Allow-Origin', from || 'http://dev.antword.com')
    res.setHeader('Access-Control-Allow-Credentials', 'true')
    res.setHeader('Access-Control-Max-Age', '18000')
    res.setHeader('Access-Control-Allow-Methods', 'GET,POST,OPTIONS,HEAD')
    res.setHeader('Access-Control-Allow-Headers', 'Origin,X-Requested-With,Content-Type,Accept,Connection,User-Agent,Cookie')
  }


>> 留言评论