我添加了一个CORS中间件,它适用于单路由:-
Route::get('example', ['middleware' => 'cors', function(){
return Response::json(array('name' => 'Steve Jobs', 'company' => 'Apple'));
}]);
但当我将其应用于一组路由时,它会在控制台中出错:-
(index):1 XMLHttpRequest cannot load http://jotdot.mysite.com/api/authenticate.
Response to preflight request doesn't pass access control
check: No 'Access-Control-Allow-Origin' header is present on
the requested resource. Origin 'http://jotdotfrontend.mysite.com' is
therefore not allowed access.
我的路线组:-
Route::group(['middleware' => 'cors'], function () {
Route::group(['prefix' => 'api'], function()
{
Route::resource('authenticate', 'AuthenticateController', ['only' => ['index']]);
Route::post('authenticate', 'AuthenticateController@authenticate');
});
});
Cors.php
class CORS
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
header("Access-Control-Allow-Origin: *");
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'Content-Type, X-Auth-Token, Origin'
];
if($request->getMethod() == "OPTIONS") {
// The client-side application can set only headers allowed in Access-Control-Allow-Headers
return Response::make('OK', 200, $headers);
}
$response = $next($request);
foreach($headers as $key => $value)
$response->header($key, $value);
return $response;
return $next($request);
}
}
我在关注https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps以及尝试在不同的域上设置后端和前端。
感谢
问题是,基于路由的中间件从未应用于自动生成的基于resource
的路由的OPTIONS
请求("因为Route::resource(...)
没有为options
方法生成路由?")。
所以,把你的cors
中间件放在app/Http/Kernel.php
中的全局中间件组中,就在VerifyCsrfToken
中间件之前:
/**
* The application's global HTTP middleware stack.
*
* @var array
*/
protected $middleware = [
IlluminateFoundationHttpMiddlewareCheckForMaintenanceMode::class,
AnkhHttpMiddlewareEncryptCookies::class,
IlluminateCookieMiddlewareAddQueuedCookiesToResponse::class,
IlluminateSessionMiddlewareStartSession::class,
IlluminateViewMiddlewareShareErrorsFromSession::class,
AppHttpMiddlewareCORS::class, // here it is
AppHttpMiddlewareVerifyCsrfToken::class,
];
并将其从routes.php
中完全删除,如:
// Route::group(['middleware' => 'cors'], function () {
Route::group(['prefix' => 'api'], function() {
Route::resource('authenticate', 'AuthenticateController', ['only' => ['index']]);
Route::post('authenticate', 'AuthenticateController@authenticate');
});
//});
你可以试试这个:
Route::group(['prefix' => 'api', 'middleware' => 'cors'], function()
{
Route::resource('authenticate', 'AuthenticateController', ['only' => ['index']]);
Route::post('authenticate', 'AuthenticateController@authenticate');
});
这样试试,
Route::group([ 'prefix' => 'api', 'middleware' => 'AppHttpMiddlewareCORS'], function() {
Route::resource('authenticate', 'AuthenticateController', ['only' => ['index']]);
Route::post('authenticate', 'AuthenticateController@authenticate');
});
您的原始标头不在标头数组中。与其使用header()设置原始标头,不如尝试将其与其他访问控制标头一起添加,如下所示:
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Origin'=> '*',
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'Content-Type, X-Auth-Token, Origin'
];