jsonp + php 跨越请求

$allowOrigins = array('http://my.domain1.com','http://my.domain2.com',);$clientOrigin = isset($_SERVER['HTTP_ORIGIN'])? $_SERVER['HTTP_ORIGIN'] : '';if(in_array($clientOrigin, $allowOrigins)){\Yii::$app->getResponse()->getHeaders()->set('Access-Control-Allow-Credentials','true');\Yii::$app->getResponse()->getHeaders()->set('Access-Control-Allow-Origin',$clientOrigin);\Yii::$app->getResponse()->getHeaders()->set('Access-Control-Allow-Methods','GET, POST, PUT, DELETE, OPTIONS');}

         $.ajax({// The 'type' property sets the HTTP method.// A value of 'PUT' or 'DELETE' will trigger a preflight request.type: 'GET',// The URL to make the request to.url: 'http://my.domain.com',crossDomain:true,//请求偏向外域xhrFields: {// The 'xhrFields' property sets additional fields on the XMLHttpRequest.// This can be used to set the 'withCredentials' property.// Set the value to 'true' if you'd like to pass cookies to the server.// If this is enabled, your server must respond with the header// 'Access-Control-Allow-Credentials: true'.// 如果你想向服务器发送cookies的话，设置withCredentials为true// 而且你的服务器必须返回头部带有'Access-Control-Allow-Credentials:    // true'的回应withCredentials: true},header: {// 在这里设置自定义的头部// Set any custom headers here.// If you set any non-simple headers, your server must include these// headers in the 'Access-Control-Allow-Headers' response header.},success: function() {// Here's where you handle a successful response.// 这里处理服务器成功返回数据的情况},error: function() {// Here's where you handle an error response.// Note that if the error was due to a CORS issue,// this function will still fire, but there won't be any additional// information about the error.// 这里处理错误的回应}});