我的行为举止
public function behaviors()
{
$behaviors = parent::behaviors();
$auth = $behaviors['authenticator'] = [
'class' => CompositeAuth::className(),
'authMethods' => [
HttpBearerAuth::className(),
QueryParamAuth::className(),
],
'except' => ['login', 'check-token-validity', 'test-accounts'],
];
unset($behaviors['authenticator']);
$behaviors['corsFilter'] = [
'class' => Cors::className(),
'cors' => [
// 'Origin' => ['*'],
'Access-Control-Allow-Credentials' => true,
'Origin' => static::allowedDomains(),
'Access-Control-Request-Method' => ['POST', 'PUT'],
'Access-Control-Expose-Headers' => ['Access_status_code'],
],
];
$behaviors['verbs'] = [
'class' => VerbFilter::className(),
'actions' => [
'delete' => ['POST', 'OPTIONS'],
],
];
$behaviors['authenticator'] = $auth;
//access
return $behaviors;
}
public static function allowedDomains()
{
return [
'http://test1.example.com',
'http://test2.example.com',
];
}
从上面开始,我已经将Origin设置为上述静态域,但是当我检查ajax请求响应时,我发现响应标头的起源设置为Access-Control-Allow-Origin: *
此外,尽管设置了Access-Control-Request-Method
要执行此操作,还需要添加什么?