Question

我在一个名为backend.example.com的子域上使用laravel编写了一个API。如果我尝试从另一个名为partner.example.com的子域从我的API获取信息，我可以自己验证并获取这些信息。这是Ajax请求：

这是主域的Ajax：

    var ajaxArray = {
        "fromDate": from,
        "toDate": to
        };

    console.log(ajaxArray);

    jQuery.ajax({
        url: ("https://backend.example.com/api/v1/leads/showAdmin"), 
        type: "POST",
        data: ajaxArray,
        crossDomain: true,
        headers : {
        "Authorization": "Basic " + btoa("api@example.com" + ":" + "123456"), 
        "Accept": "application/json"
        },
        error: function() { alert("Error"); },
        success: function(result){
            alert("Working");
        });
    }});

这是来自子域的Ajax请求，它正在进行中：

    var ajaxArray = {
        "fromDate": from,
        "toDate": to,
        "table": "no",
        "userID": 20
    };

console.log(ajaxArray);

jQuery.ajax({
    url: ("https://backend.example.com/api/v1/leads/show"), 
    type: "POST",
    data: ajaxArray,
    crossDomain: true,
    headers : {
    "Authorization": "Basic " + btoa("api@example.com" + ":" + "123456"), 
    "Accept": "application/json"
    },
    error: function() { alert("No"); },
    success: function(result){
        alert("Working");
    });
}});

但如果我试图对名为example.com的主域做同样的事情，我会收到此错误：

无法加载https://backend.example.com/api/v1/leads/showAdmin：对预检请求的响应未通过访问控制检查：否请求中存在“Access-Control-Allow-Origin”标头资源。因此，不允许原点“https://example.com”访问。

我问自己的问题是为什么因为我允许所有...... 见这里：

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Laravel CORS
    |--------------------------------------------------------------------------
    |
    | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
    | to accept any value.
    |
    */

    'supportsCredentials' => false,
    'allowedOrigins' => ['*'],
    'allowedOriginsPatterns' => [],
    'allowedHeaders' => ['*'],
    'allowedMethods' => ['*'],
    'exposedHeaders' => [],
    'maxAge' => 0,

];

非常感谢任何帮助！亲切的问候

更新这是我的回复和请求标题：

General:
Request URL:https://backend.example.com/api/v1/leads/showAdmin
Request Method:OPTIONS
Status Code:200 
Remote Address:94.130.239.164:443
Referrer Policy:no-referrer-when-downgrade

Response Header:
allow:POST
cache-control:private, must-revalidate
content-length:0
content-type:text/html; charset=UTF-8
date:Mon, 05 Mar 2018 13:52:41 GMT
expires:-1
pragma:no-cache
server:nginx
status:200
x-powered-by:PleskLin
x-powered-by:PHP/7.2.2

Request Header:
:authority:backend.example.com
:method:OPTIONS
:path:/api/v1/leads/showAdmin
:scheme:https
accept:*/*
accept-encoding:gzip, deflate, br
accept-language:de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
access-control-request-headers:authorization
access-control-request-method:POST
origin:https://example.com
user-agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36

这是我正在使用的Laravel Cors图书馆： https://github.com/asm89/stack-cors

我对Cors Library所做的所有设置都在上面。

Ajax被阻止，因为没有来源，尽管它存在

0 个答案: