我是Laravel的新手,正在使用OAuth2.0密码授权进行一些Laravel 5.3 Passport项目.当我使用params卷曲API时,它会使用令牌进行响应.但是,在浏览器中,它需要端点应添加的额外安全性,因为我的请求来自localhost,而API位于我的VM中.这是错误:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 400.
我知道问题是什么,但我不知道在哪里放入包含该标题,因为这是第三方应用程序.
提前谢谢专家.请帮忙.
Ali*_*ris 124
简单的答案是将Access-Control-Allow-Origin标头设置为localhost或*.这是我通常这样做的方式:
创建一个名为的简单中间件Cors:
php artisan make:middleware Cors
将以下代码添加到app/Http/Middleware/Cors.php:
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
}
你可以替换*使用localhost或保留它,因为它是.
下一步是加载中间件.$routeMiddleware将以下行添加到数组中app/Http/Kernel.php.
'cors' => \App\Http\Middleware\Cors::class,
最后一步是在要设置访问源头的路由上使用中间件.假设您正在讨论laravel 5.3中的新api路由,那么app/Providers/RouteServiceProvider.php在mapApiRoutes()函数内部可以执行此操作(您可以删除或注释函数的先前代码):
Route::group([
'middleware' => ['api', 'cors'],
'namespace' => $this->namespace,
'prefix' => 'api',
], function ($router) {
//Add you routes here, for example:
Route::apiResource('/posts','PostController');
});
Jay*_*vad 27
简单的答案是将Access-Control-Allow-Origin标头设置为localhost或*.这是我通常这样做的方式:
将以下代码添加到bootstrap/app.php:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: *');
header('Access-Control-Allow-Headers: *');
naa*_*ter 18
您还可以使用barryvdh的laravel-cors套餐.
安装软件包之后,获得所有路由的CORS支持的最简单方法是在Http/Kernel.php中添加这样的中间件:
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Barryvdh\Cors\HandleCors::class,
];
如果您不希望在所有路由上都获得CORS支持,则应该为该路由创建新的OPTIONS路由,/oauth/token并仅将cors中间件添加到该路由.
没有解决设置路由中间件问题的App\Http\Kernel,尝试设置全局中间件。在App\Http\Middleware\Cors:
public function handle($request, Closure $next)
{
return $next($request)->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods','GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS')
->header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
}
在App\Http\Kernel:
protected $middleware = [
...
\App\Http\Middleware\Cors::class,
];
在 App/Http/Middleware 中创建 Cors.php 文件并将其粘贴到其中。
<?php
namespace App\Http\Middleware;
use Closure;
class Cors
{
public function handle($request, Closure $next)
{
header("Access-Control-Allow-Origin: *");
//ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods' => 'POST,GET,OPTIONS,PUT,DELETE',
'Access-Control-Allow-Headers' => 'Content-Type, X-Auth-Token, Origin, Authorization',
];
if ($request->getMethod() == "OPTIONS") {
//The client-side application can set only headers allowed in Access-Control-Allow-Headers
return response()->json('OK',200,$headers);
}
$response = $next($request);
foreach ($headers as $key => $value) {
$response->header($key, $value);
}
return $response;
}
}
并在 Kernel.php 中的“Trust Proxies::Class”行之后添加此行。
\App\Http\Middleware\Cors::class,
就是这样,您已允许所有 Cors 标头。
小智 5
只需将其添加到您的代码控制器中即可
return response()->json(compact('token'))->header("Access-Control-Allow-Origin", "*");
https://github.com/fruitcake/laravel-cors
在我必须更改 cors.php 文件后
,如下所示
/*
* Sets the Access-Control-Allow-Credentials header.
*/
'supports_credentials' => true,
| 归档时间: |
|
| 查看次数: |
81547 次 |
| 最近记录: |