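// Cross-origin (CORS) setup for a JSON API server.

/**
 * Return the origin to echo back in Access-Control-Allow-Origin, or null.
 *
 * @param string   $origin      Value of the request's Origin header ('' when absent).
 * @param string[] $allow_hosts Exact origins (scheme://host[:port]) allowed to call the API.
 * @return string|null The matching origin, or null when it is not allow-listed.
 */
function cors_allowed_origin($origin, array $allow_hosts)
{
    // Strict, whole-string comparison: no type juggling and no prefix/suffix
    // matching, so "http://www.test.dev.example" never passes for "http://www.test.dev".
    return in_array($origin, $allow_hosts, true) ? $origin : null;
}

// The media type separator is "/", not ":".
header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Methods: POST');
header('Access-Control-Allow-Headers: x-requested-with,content-type');

// Restrict access to specific origins.
$allow_hosts = [
    'http://www.test.dev',
];
$origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';

// The response differs per Origin, so shared caches must key on it.
header('Vary: Origin');

$allowed_origin = cors_allowed_origin($origin, $allow_hosts);
if ($allowed_origin !== null) {
    // Browsers reject "Access-Control-Allow-Origin: *" on credentialed requests,
    // so the wildcard is not sent at all: the exact allow-listed origin is echoed
    // back, and cookies are only permitted for that origin.
    header('Access-Control-Allow-Origin: ' . $allowed_origin);
    header('Access-Control-Allow-Credentials: true'); // client sends its cookies
}
// For any other origin no Access-Control-Allow-Origin header is sent, so the
// browser will not expose the response to the calling page.
// NOTE(review): CORS only controls who may read the response; a state-changing
// POST endpoint still needs its own CSRF protection.

/*
 * Cross-origin AJAX request carrying cookies (client side, jQuery):
 *
 *   $.ajax({
 *       type: "post",
 *       url: "http://passport.test.dev/user.php?type=5&method=ajax",
 *       data: {page_url: location.href},
 *       xhrFields: {
 *           withCredentials: true
 *       }
 *   });
 */

// Sharing cookies across subdomains: the session cookie becomes visible to
// every host under .test.dev, so every one of those hosts must be trusted.
// Must run before session_start().
// NOTE(review): consider also setting session.cookie_httponly, and
// session.cookie_secure once the sites are served over HTTPS.
ini_set('session.cookie_domain', '.test.dev');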