我用(Vue(Axios做了一个webapp。所有GET请求都可以完美地工作,但是当执行POST请求时,它会失败。
在网络响应中,我看到它发送选项而不是开机自检:
选项 https://api.website.com/sheeps
在Chrome中,我得到以下回复:
OPTIONS https://api.website.com/sheeps net::ERR_NAME_NOT_RESOLVED
在 Safari 中:
Failed to load resource: cancelled
XMLHttpRequest cannot load https://api.website.com/sheeps due to access control checks.
这可能是因为我在 Laravel 5.5 中编写的 API 应用程序而失败的。所以我添加了这个包 LaravelCors。从文档中它告诉我可以修复它。配置是这样的:
[
'supportsCredentials' => true,
'allowedOrigins' => ['*'],
'allowedHeaders' => ['*'],
'allowedMethods' => ['*'],
'exposedHeaders' => [],
'maxAge' => 0,
]
并像在文档中一样配置它。
但它根本无法解决它。
服务器在Nginx上运行。也许是配置东西的地方,还是我可以用我的Laravel应用程序修复它?
也为 Nginx 配置实现了这一点:"宽开放的 nginx CORS 配置">
我正在从本地主机:8080 的应用程序测试这一切。
enable-cors-and-php-fpm.conf
add_header "Access-Control-Allow-Origin" '*' always; 这个"always"非常重要,允许通过nginx进行4** 3** 5** php-response-code
。您可能需要对"访问控制允许标头"值进行成本化
location ~ [^/].php(/|$)
{
# CORS settings
# http://enable-cors.org/server_nginx.html
# http://10.10.0.64 - It's my front end application
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization';
}
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
www.your-api.com.conf
server {
listen 80;
server_name localhost;
root /home/admin.api.qmmian.cn/public;
index index.php index.html index.htm;
## laravel config
location / {
try_files $uri/ /index.php?$query_string;
}
##enable cors and enable php-fpm
include enable-php-cors.conf;
}
fastcgi.conf
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;