Yii2 CORS过滤器仅允许特定的原始域失败

时间:2019-01-03 02:41:55

标签: php yii2 cors

我的行为举止

public function behaviors()
{
    $behaviors = parent::behaviors();
    $auth = $behaviors['authenticator'] = [
        'class' => CompositeAuth::className(),
        'authMethods' => [
            HttpBearerAuth::className(),
            QueryParamAuth::className(),
        ],
        'except' => ['login', 'check-token-validity', 'test-accounts'],
    ];
    unset($behaviors['authenticator']);

    $behaviors['corsFilter'] = [
        'class' => Cors::className(),
        'cors' => [
            // 'Origin' => ['*'],
            'Access-Control-Allow-Credentials' => true,

            'Origin' => static::allowedDomains(),

            'Access-Control-Request-Method' => ['POST', 'PUT'],

            'Access-Control-Expose-Headers' => ['Access_status_code'],
        ],
    ];
    $behaviors['verbs'] = [
        'class' => VerbFilter::className(),
        'actions' => [
            'delete' => ['POST', 'OPTIONS'],
        ],
    ];
    $behaviors['authenticator'] = $auth;
    //access
    return $behaviors;
}


    public static function allowedDomains()
{
    return [
        'http://test1.example.com',
        'http://test2.example.com',
    ];
}

从上面开始,我已经将Origin设置为上述静态域,但是当我检查ajax请求响应时,我发现响应标头的起源设置为Access-Control-Allow-Origin: *

此外,尽管设置了Access-Control-Request-Method

,但我仍然无法限制访问方法

要执行此操作,还需要添加什么?

0 个答案:

没有答案
相关问题
最新问题