使用CURLOPT_HTTPHEADER设置CURL标头会产生CORS问题

时间:2018-12-24 13:58:37

标签: php http curl cors

我正在尝试执行cURL POST请求,用PHP定义HTTP标头,但出现了CORS问题。

所以我有一个.php文件,该文件是使用AJAX从Web应用程序调用的。在此.php文件中,我正在使用cURL对外部API进行HTTP POST请求。一切正常,直到我不得不为身份验证目的设置不同的HTTP标头。当我尝试使用以下方法在cURL请求中定义HTTP标头时:

//Set Headers
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
  'Authorization': 'someAuthorization',
  'x-api-key': 'somekey',
  'Content-Type': 'application/x-www-form-urlencoded'
));

我开始在客户端(webapp)和我自己的终结点之间遇到CORS问题,这之前从未发生过。我尝试在执行cURL请求后再次定义标头,但没有成功:

//execute post
$result = curl_exec($ch);
if($result === false){
  echo 'Curl error: ' . curl_error($ch);
}else{
//$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
//CORS
if (isset($_SERVER['HTTP_ORIGIN'])) {
    //header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header("Access-Control-Allow-Origin: http://localhost:4200");
    header('Access-Control-Allow-Credentials: true');    
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS"); 
}   
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers: 
{$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    exit(0);
}
echo $result;
};

有什么想法为什么会这样?在我看来,通过执行cURL请求,我用cURL覆盖了标头,因此从不应用CORS标头配置。

此处包含.php文件中的所有代码

<?php

$url = 'someurl';
$fields = ['pax' => '2', 'ownerid' => '1', 'channel' => '3'];

//url-ify the data for the POST
$fields_string = http_build_query($fields);

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);

//So that curl_exec returns the contents of the cURL; rather than echoing it
curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); 

//Set Headers
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Authorization': 'someAuth',
'x-api-key': 'someKey',
'Content-Type': 'application/x-www-form-urlencoded',
));

//DISABLE SSL
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

//execute post
$result = curl_exec($ch);
if($result === false){
  echo 'Curl error: ' . curl_error($ch);
}else{
  //$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
  //CORS
  if (isset($_SERVER['HTTP_ORIGIN'])) {
    //header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header("Access-Control-Allow-Origin: http://localhost:4200");
    header('Access-Control-Allow-Credentials: true');    
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS"); 
  }   
  if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
        header("Access-Control-Allow-Headers:{$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    exit(0);
  }
  echo $result;
};

curl_close($ch);
?>

1 个答案:

答案 0 :(得分:0)

在curl请求中设置一些标头不会更改.php脚本中的标头。

更新1:

您的php脚本中有一个解析错误(您自己发现):

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
  'Authorization': 'someAuthorization',
  'x-api-key': 'somekey',
  'Content-Type': 'application/x-www-form-urlencoded'
));

应该是:

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
  'Authorization: someAuthorization',
  'x-api-key: somekey',
  'Content-Type: application/x-www-form-urlencoded'
));

对此脚本的Ajax调用会导致错误500响应,其中包含默认标头,而您尝试在.php脚本中设置的标头。

在您的本地环境中启用错误报告以查看问题“较早”。

例如在php.ini中:

error_reporting=E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 
display_errors=On

@请参阅How do I get PHP errors to display?

相关问题
最新问题