Question

我对Laravel CORS有疑问。我已经使用以下配置文件安装了barryvdh/laravel-cors捆绑包：

'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedOriginsPatterns' => [],
'allowedHeaders' => ['*'],
'allowedMethods' => ['PUT', 'GET', 'OPTIONS', 'POST', 'DELETE'],
'exposedHeaders' => [],
'maxAge' => 0,

我什至在AppServiceProfider.php文件中添加了以下几行

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Authorization,Content-Type,X-Requested-With,X-CSRF-TOKEN');
header('Access-Control-Allow-Methods: POST,GET,PUT,OPTIONS,DELETE');

而且我仍然无法在Firefox上发出PUT请求。我收到“同一来源策略”错误-在CORS标头“ Access-Control-Allow-Methods”中找不到该方法。

奇怪的是：如您所见，我将Allow-Methods标头设置为POST,GET,PUT,OPTIONS,DELETE，但是每个浏览器都将其设置为*：

Access-Control-Allow-Headers: Authorization,Content-Type,X-Requested-With,X-CSRF-TOKEN
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin: *

什至更奇怪-当我在Postman中提出相同的请求时，标题看起来很好：

access-control-allow-headers →Authorization,Content-Type,X-Requested-With,XCSRF-TOKEN
access-control-allow-methods →POST,GET,PUT,OPTIONS,DELETE

怎么了？ laravel处理飞行前请求是否有所不同？

Answer 1

我遇到了同样的问题，我通过将.htaccess文件中的标头设置为

解决了该问题

<IfModule mod_rewrite.c>

   #...... other settings here

    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header set Access-Control-Max-Age "1000"
    Header set Access-Control-Allow-Headers "access_token, x-requested-with, Content-Type, Accept-Encoding, Accept-Language, Cookie, Referer"
</IfModule>

Laravel飞行前CORS

1 个答案: