Ajax跨域

CORS

// 生产环境 * 应改为具体域名
header('Access-Control-Allow-Origin: *');
if ($_SERVER["REQUEST_METHOD"] == 'OPTIONS')
{
    header('Access-Control-Allow-Headers: X-Requested-With,Content-Type');
    exit();
}

Ajax跨域不携带COOKIE

PHP

header('Access-Control-Allow-Origin: domain.com');
// 此处为true，上面不可为 *
header('Access-Control-Allow-Credentials: true');
if ($_SERVER["REQUEST_METHOD"] == 'OPTIONS')
{
    header('Access-Control-Allow-Headers: X-Requested-With,Content-Type');
    exit();
}

jQuery

$.ajax({
    url: "http://api.domain.com",
    xhrFields: {withCredentials: true},
    dataType: 'JSON',
    type: 'POST',
    data: {id: 1},
    success: function(response)
    {
       console.log('Success')
    },
    error: function()
    {
       console.log('Error')
    }
})