我有一个问题,未将CORS标头添加到响应中。我正在使用软件包\yii\filters\Cors
基本上,我正在这样做:
class ApiController extends ActiveController
{
public function behaviors()
{
return array_merge(parent::behaviors(), [
// For cross-domain AJAX request
'corsFilter' => [
'class' => 'yii\filters\Cors',
'cors' => [
'Origin' => ['*'], // Restrict access to domains
'Access-Control-Max-Age' => 3600, // Cache (seconds)
'Access-Control-Allow-Origin' => true,
'Access-Control-Expose-Headers' => ['*'],
'Access-Control-Request-Headers' => ['*'],
'Access-Control-Allow-Credentials' => true,
'Access-Control-Request-Method' => ['POST', 'HEAD', 'DELETE', 'PUT', 'GET', 'OPTIONS'],
],
],
]);
}
}
与没有应用此方法的结果相同。。没有向我的端点的OPTIONS查询的响应中添加 CORS 标头。
还有这个问题吗?
答案 0 :(得分:0)
您也可以尝试允许来源:
public static function allowedDomains()
{
return [
// '*', // star allows all domains
'http://localhost:4200',
];
}
public function behaviors()
{
return array_merge(parent::behaviors(), [
// For cross-domain AJAX request
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [
'stats' => ['GET'],
],
],
'corsFilter' => [
'class' => \yii\filters\Cors::className(),
'cors' => [
// restrict access to domains:
'Origin' => static::allowedDomains(),
'Access-Control-Request-Method' => ['POST', 'GET', 'DELETE', 'PUT', 'OPTIONS'],
'Access-Control-Allow-Credentials' => true,
'Access-Control-Allow-Headers' => ['*'],
'Access-Control-Allow-Origin' => ['*'],
'Access-Control-Max-Age' => 3600, // Cache (seconds)
],
],
]);
}