(Laravel& Nginx)CORS标题'Access-Control-Allow-Origin'与'(null)'不匹配

时间:2017-10-31 04:19:48

标签: nginx cors laravel-5.5

我有位于localhost:8080的SPA和dev.mywebsite的API,两者都在本地服务器上运行。我试图使用ajax,但它返回了“访问控制 - 允许 - 来源”#39;两次,附上截图。我不知道为什么会这样。

enter image description here

以下是我的nginx配置:

# Default server configuration
#
server {
    # Port
    listen 80;
    listen [::]:80;

    # Server Name
    server_name dev.narpandi;

    # Logging
    rewrite_log on;

    # Location of public directory
    root /var/www/personal-website/public;

    # Add index.php to the list if you are using PHP
    index index.php index.html index.htm index.nginx-debian.html;


    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
      try_files $uri $uri/ /index.php?$query_string;
        }

    # Remove trailing slash to please routing system
    if (!-d $request_filename) {
      rewrite ^/(.+)/$ /$1 permanent;
    }

    location ~* \.php$ {
      fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
      fastcgi_index index.php;
      fastcgi_split_path_info ^(.+\.php)(.*)$;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include /etc/nginx/fastcgi_params;

          set $cors "";

          if ($http_origin ~* 'http://localhost:8080')
          {
            set $cors "true";
          }

          if ($cors = 'true')
          {
            add_header 'Access-Control-Allow-Origin' "$http_origin";
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,Pragma,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
          }

          #if ($request_method = 'OPTIONS')
          #{
            #return 204;
          #}
    }

    # Disable all htaccess
    location ~ /\.ht {
      deny all;
    }
}

我错过了什么吗?谢谢你的帮助。

-Edited -

决定删除Nginx CORS配置并使用barryvdh/laravel-cors,因为您可以通过添加中间件来指定哪些路由具有CORS。

这是我的代码:

配置/ cors.php 

<?php

return [
    'supportsCredentials' => false,
    'allowedOrigins' => ['http://yourwebsite.com'],
    'allowedHeaders' => ['*'],
    'allowedMethods' => ['*'],
    'exposedHeaders' => [],
    'maxAge' => 0,
];

应用/ HTTP /中间件/ Cors.php 

<?php

namespace App\Http\Middleware;

class Cors
{
  public function handle($request, Closure $next)
  {
    return $next($request)
        ->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
  }
}

应用/ HTTP / Kernel.php 

protected $routeMiddleware = [
  ...
  'cors' => \Barryvdh\Cors\HandleCors::class
];

最后在你的路线中使用它:

Route::group(['prefix' => 'about', 'middleware' => [ ..., 'cors']],  function(){ 
  ...
});

感谢您的帮助,感谢您的不便。

2 个答案:

答案 0 :(得分:1)

问题是您的应用程序也在设置CORS标头。你需要消除一个。

Nginx将重复的标题组合成一个用逗号分隔的标题。这就是你得到的以及Nginx的正常行为。

答案 1 :(得分:1)

您正在使用NGINX个角色和barryvdh/laravel-cors。两者都创建一个标题。

删除应该有效的NGINX

相关问题
最新问题