尝试了很多其他解决方案中的东西
在route.php中
header('Access-Control-Allow-Origin: http://www.campaignpulse.com/');
或
header('Access-Control-Allow-Origin: www.campaignpulse.com/');
或
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Origin, Authorization');
Route::post('cors', ['middleware' => 'cors',function () { return response()->json(['message' =>'cors'], 200); } ]);
cors.php
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', 'http://www.campaignpulse.com/')
or
->header('Access-Control-Allow-Origin', 'www.campaignpulse.com/')
or
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Origin, Authorization');
}
kernal.php
protected $middleware = [
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\Cors::class,
];
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'cors' => \App\Http\Middleware\Cors::class,
];
反应部件
return fetch('http://www.campaignserver.com:81/cors',
{
method: 'post',
credentials: "same-origin",
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': 'www.campaignpulse.com' },
}
).then(response => response.json())
.then(resData => {
console.log(resData)
})
,错误是
从原点“ http://www.campaignserver.com:81/cors”到“ http://www.campaignpulse.com”的获取操作已被CORS策略阻止:对预检请求的响应未通过访问控制检查:否“ Access-Control-Allow-来源的标头出现在请求的资源上。如果不透明的响应满足您的需求,请将请求的模式设置为“ no-cors”以在禁用CORS的情况下获取资源。
我还能尝试什么?请建议
答案 0 :(得分:0)
浏览器发出的跨源请求将向服务器发送飞行前OPTIONS请求,该服务器必须至少返回Access-Control-Allow-Origin标头。
仅仅将它与对POST路由的响应一起返回是不够的。
我建议使用https://github.com/barryvdh/laravel-cors之类的软件包来提供CORS中间件和配置
还要注意,来源是主机名或通配符。
例如,ACAO标头的有效值
* https://www.example.org 没有URI部分
修改
必须纠正自己,显然协议和端口是ACAO标头的有效部分,这很有意义
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
edit2
要调试此功能,请确保两者
OPTIONS http://www.campaignserver.com:81/cors
和
POST http://www.campaignserver.com:81/cors
返回标题
Access-Control-Allow-Origin: http://www.campaignserver.com:81
要么
Access-Control-Allow-Origin: *