我有什么:
1)两个应用:位于https://domain.local的客户端(完全Vue)和位于https://api.domain.local的API(Laravel 5.7)。
2)axios用于客户端上的API调用:
axios.post( //url, { //data })
3)API端:
//routes/api.php
Route::resource('users', 'UserController');
//app/Http/Kernel.php
'api' => [
'throttle:60,1',
'bindings',
HandleCors::class, //<--https://github.com/barryvdh/laravel-cors
],
//config/cors.php
'supportsCredentials' => true,
'allowedOrigins' => ['*'],
'allowedHeaders' => ['*'],
'allowedMethods' => ['*'],
'exposedHeaders' => [],
'maxAge' => 0,
//UserController@store - method I'm testing
public function store(Request $request)
{
dd($request);
}
我的问题:
dd($request)返回text/html MIME响应。而且我从客户端发出的POST请求失败。
有两个来自客户端的请求:“ OPTIONS”和“ POST”。两者都具有200条回应。 “ OPTIONS”响应标题:
HTTP/1.0 200 OK
Cache-Control: no-cache, private
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://domain.local:8080
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: CONTENT-TYPE
“ OPTIONS”请求标头:
Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
“ POST”响应标题:
Content-Type: text/html; charset=UTF-8
“ POST”请求标头:
Accept: application/json, text/plain, */*
Content-Type: application/json;charset=UTF-8
浏览器错误:
跨域读取阻止(CORB)阻止了MIME类型为text / html的跨域响应https://api.domain.local/users。有关更多详细信息,请参见https://www.chromestatus.com/feature/5629709824032768。
当我删除dd(...)并返回适当的响应时,一切正常,但是我现在想获取该dd(...)。
我尝试过的事情(目前无济于事)
1)发送withCredentials标志
axios.post(//url, {
withCredentials: true,
//data
})
2)发送XMLHttpRequest标头
axios.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest'
3)更改cors配置:
'allowedHeaders' => ['Access-Control-Allow-Origin'],
或
'allowedOrigins' => ['https://domain.local:8080'],
引起“不允许标题” 403响应。
P。 S.使用“失眠”或“邮递员”时,任何请求都可以正常工作。