Access to XMLHttpRequest at 'http://api.example.com/data' from origin 'http://www.example.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

<?php
// 設(shè)置允許跨域訪問
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization');

// 如果是OPTIONS請求，直接返回200
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    http_response_code(200);
    exit();
}

// 你的API邏輯
echo json_encode(['message' => '跨域請求成功']);
?>

<?php
// 允許指定的域名訪問
$allowed_origins = [
    'http://localhost:3000',
    'https://myapp.com',
    'https://staging.myapp.com'
];

$origin = $_SERVER['HTTP_ORIGIN'] ?? '';

if (in_array($origin, $allowed_origins)) {
    header("Access-Control-Allow-Origin: $origin");
} else {
    // 或者允許所有（不推薦生產(chǎn)環(huán)境）
    // header('Access-Control-Allow-Origin: *');
    
    // 生產(chǎn)環(huán)境建議直接拒絕未授權(quán)域名
    http_response_code(403);
    exit('不允許的跨域請求');
}

header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
header('Access-Control-Allow-Credentials: true');

// 處理預(yù)檢請求
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    http_response_code(200);
    exit();
}

// API業(yè)務(wù)邏輯
?>