当我尝试使用jwt.auth在中间件组中发出http请求时,我收到:
:9000 /#/ dash / tipodeprodutos:1在以下位置访问XMLHttpRequest 原产地的“ https://api2.jcontrole.com.br/api/notificacoes/gerais” “ http://localhost:9000”已被CORS政策阻止:请求 标头字段令牌在访问控制-允许-标头中是不允许的 飞行前反应。
| Framework | Laravel
| Framework version | 5.6
| Package version | Try using "barryvdh/laravel-cors": "^0.9.2", and "tymon/jwt-auth": "^0.5.12"
| PHP version | PHP 5.6.36 (cli) (built: Apr 25 2018 16:45:32)
我有没有jwt中间件的路由:
<?php
use Illuminate\Http\Request;
Auth::routes();
//Route::post('login', 'UserController@acessarSistema');
Route::post('login', 'UserController@authenticate');
这正常工作,但是当我尝试使用jwt auth在一个组中发出http请求时,我收到cors错误:
$this->group(['middleware' => 'jwt.auth', ['prefix' => 'api']], function() {
Route::post('admin/tipo-produto', 'TipoProdutosController@create')->name('cadastrar_tipo_produto')->middleware('checarPermissaoTela');
})
我尝试:
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
'throttle:60,1',
'bindings',
**\Barryvdh\Cors\HandleCors::class,**
],
];
我在Kernel.php中添加了cors软件包:
protected $middleware = [
\Barryvdh\Cors\HandleCors::class,
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
];
在cofig / cors.php中:
<?php
return [
/*
|--------------------------------------------------------------------------
| Laravel CORS
|--------------------------------------------------------------------------
|
| allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
| to accept any value.
|
*/
'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedOriginsPatterns' => [],
'allowedHeaders' => ['*'],
'allowedMethods' => ['*'],
'exposedHeaders' => [],
'maxAge' => 0,
];
也尝试放入public / index.php:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');