Fatal编程技术网
  • cors/
  • Cors 在Laravel 5.3 Passport中添加Access Control Allow Origin标头响应

Cors 在Laravel 5.3 Passport中添加Access Control Allow Origin标头响应

cors

Cors 在Laravel 5.3 Passport中添加Access Control Allow Origin标头响应,cors,laravel-5.3,Cors,Laravel 5.3,我是Laravel的新手,正在使用OAuth2.0密码授权进行Laravel 5.3 Passport项目。当我使用参数对API进行卷曲时,它会使用标记进行响应。然而,在浏览器中,它需要端点应该添加的额外安全性,因为我的请求来自localhost,而API位于我的VM中。以下是错误: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080

我是Laravel的新手,正在使用OAuth2.0密码授权进行Laravel 5.3 Passport项目。当我使用参数对API进行卷曲时,它会使用标记进行响应。然而,在浏览器中,它需要端点应该添加的额外安全性,因为我的请求来自localhost,而API位于我的VM中。以下是错误:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 400.
我知道问题是什么,但我不知道放在哪里包括该标题,因为这是一个第三方应用程序

提前感谢各位专家。请提供帮助。

简单的答案是将
访问控制允许源站
标题设置为
本地主机
*
。我通常是这样做的:

创建一个名为
Cors
的简单中间件:

php artisan make:middleware Cors

public function handle($request, Closure $next)
{
    return $next($request)->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Methods','GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS')
        ->header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
}
将以下代码添加到
app/Http/Middleware/Cors.php

 public function handle($request, Closure $next) 
 {
     return $next($request)
         ->header('Access-Control-Allow-Origin', '*')
         ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
         ->header('Access-Control-Allow-Headers', 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'); 
 }

公共函数句柄($request,Closure$next)
{
返回$next($request)
->标题('Access-Control-Allow-Origin','*'))
->标题('Access-Control-Allow-Methods'、'GET、POST、PUT、DELETE、OPTIONS');
}
您可以将
*
替换为
localhost
或保持原样

下一步是加载中间件。将以下行添加到
app/Http/Kernel.php
中的
$routeMiddleware
数组中

'cors'=>\App\Http\Middleware\cors::class,
最后一步是在要设置访问源标头的路由上使用中间件。假设您正在讨论laravel 5.3中的新api路由,那么可以在
app/Providers/RouteServiceProvider.php
中的
mapApiRoutes()
函数中进行操作(您可以删除或注释该函数以前的代码):

Route::group([
'中间件'=>api',cors'],
“名称空间”=>$this->namespace,
'前缀'=>'api',
],功能($router){
//在此处添加路线,例如:
路由::apiResource(“/posts”,“PostController”);
});
您也可以使用great

安装包后,要获得所有路由的CORS支持,最简单的方法是在Http/Kernel.php中添加如下中间件:

protected $middleware = [
    \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
    \Barryvdh\Cors\HandleCors::class,
];
如果您不想在所有路由上都支持CORS,您应该为
/oauth/token
创建一个新的选项路由,并仅将CORS中间件添加到该路由

为Laravel 8编辑

Laravel 8已经内置了CORS支持-
HandleCors
中间件在全局中定义,可以在应用程序的
config/CORS.php
config文件中配置

如果您更新了Laravel应用程序,请确保使用提供的中间件更改barryvdh的包:
\Fruitcake\Cors\HandleCors::class

小心,您不能修改飞行前。 此外,浏览器(至少是chrome)会删除“授权”标题。。。这会导致根据路线设计可能出现的一些问题。例如,飞行前将永远不会进入passport路线表,因为它没有带有令牌的标头

如果您正在设计一个带有选项方法实现的文件,则必须在路由文件web.php中定义一个(或多个)“陷阱”路由,以便preflght(无头授权)可以解析请求并获得相应的CORS头。
因为默认情况下它们不能在中间件200中返回,所以它们必须在原始请求上添加头。

简单的答案是将访问控制允许原始头设置为localhost或*。我通常是这样做的:

将以下代码添加到bootstrap/app.php:

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: *');
header('Access-Control-Allow-Headers: *');
对于那些没有解决在
App\Http\Kernel
中设置路由中间件问题的人,请尝试设置全局中间件。在
App\Http\Middleware\Cors
中:

php artisan make:middleware Cors

public function handle($request, Closure $next)
{
    return $next($request)->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Methods','GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS')
        ->header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
}

App\Http\Kernel
中:

protected $middleware = [
    ...
    \App\Http\Middleware\Cors::class,
];
只需将此添加到您的视图中即可:

<?php header("Access-Control-Allow-Origin: *"); ?>
在App/Http/Middleware中创建一个Cors.php文件,并将其粘贴到其中。☑

<?php

namespace App\Http\Middleware;

use Closure;


class Cors {    public function handle($request, Closure $next)
    {
        header("Access-Control-Allow-Origin: *");
        //ALLOW OPTIONS METHOD
        $headers = [
            'Access-Control-Allow-Methods' => 'POST,GET,OPTIONS,PUT,DELETE',
            'Access-Control-Allow-Headers' => 'Content-Type, X-Auth-Token, Origin, Authorization',
        ];
        if ($request->getMethod() == "OPTIONS"){
            //The client-side application can set only headers allowed in Access-Control-Allow-Headers
            return response()->json('OK',200,$headers);
        }
        $response = $next($request);
        foreach ($headers as $key => $value) {
            $response->header($key, $value);
        }
        return $response;

    } }
就是这样,您允许所有Cors标题。☑

只需将其添加到代码控制器中即可

return response()->json(compact('token'))->header("Access-Control-Allow-Origin",  "*");
如果您已经应用了CORS中间件,但它仍然不起作用,那么试试这个

如果API的路径为:

Route::post("foo", "MyController"})->middleware("cors");
然后您需要将其更改为允许选项方法:

Route::match(['post', 'options'], "foo", "MyController")->middleware("cors");
之后 
https://github.com/fruitcake/laravel-cors
我必须在cors.php文件中进行如下更改

     * Sets the Access-Control-Allow-Credentials header.
     */
    'supports_credentials' => true,
添加
访问控制的几个步骤将允许源站
标题添加到
本地主机或*

步骤1:创建Cors中间件:

php artisan make:middleware Cors
步骤2:像这样在Cors中间件中设置头

public function handle($request, Closure $next)
    {
        $response = $next($request);
        $response->headers->set('Access-Control-Allow-Origin' , '*');
        $response->headers->set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE');
        $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With, Application');

        return $response;
    }
步骤3:我们需要在
app/Http/Kernel.php

 protected $middleware = [
        ....
        \App\Http\Middleware\Cors::class,
    ];

 protected $routeMiddleware = [
     ....
     'cors' => \App\Http\Middleware\Cors::class,
 ];
这里不需要检查任何中间件 因为我们在
app/Http/Kernel.php
工作解决方案的
$middleware
中添加了Cors类

 protected $middleware = [
        ....
        \App\Http\Middleware\Cors::class,
    ];

 protected $routeMiddleware = [
     ....
     'cors' => \App\Http\Middleware\Cors::class,
 ];
步骤1:创建Cors中间件

php artisan make:middleware Cors

 php artisan make:middleware Cors
步骤2:在Cors中间件内部句柄函数中设置头

return $next($request)
        ->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
步骤3:在app/Http/Kernel.php中添加Cors类

protected $routeMiddleware = [
    ....
    'cors' => \App\Http\Middleware\Cors::class,
];

Route::prefix('api')
         ->middleware(['api', 'cors'])
         ->namespace($this->namespace)
         ->group(base_path('routes/api.php'));

Route::post('example', 'controllerName@functionName')->name('example');
步骤4:在app/providers/routeServiceProvider.php中替换mapApiRoutes

protected $routeMiddleware = [
    ....
    'cors' => \App\Http\Middleware\Cors::class,
];

Route::prefix('api')
         ->middleware(['api', 'cors'])
         ->namespace($this->namespace)
         ->group(base_path('routes/api.php'));

Route::post('example', 'controllerName@functionName')->name('example');
步骤5:在routes/api.php中添加路由

protected $routeMiddleware = [
    ....
    'cors' => \App\Http\Middleware\Cors::class,
];

Route::prefix('api')
         ->middleware(['api', 'cors'])
         ->namespace($this->namespace)
         ->group(base_path('routes/api.php'));

Route::post('example', 'controllerName@functionName')->name('example');
如果出于某种原因,它仍然不起作用。 Laravel的第一选择 任何应用程序的第二个选项

第一个选项:

<?php header("Access-Control-Allow-Origin: *"); ?>
  • 正如上面的例子,我们创建了中间件

    php artisan make:middleware Cors

     php artisan make:middleware Cors
  • 将以下代码添加到
    app/Http/Middleware/Cors.php

     public function handle($request, Closure $next) 
 {
     return $next($request)
         ->header('Access-Control-Allow-Origin', '*')
         ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
         ->header('Access-Control-Allow-Headers', 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'); 
 }
    • 仔细看,标题中的数据量
    ->标题('Access-Control-Allow-Headers',

  • 第三步,将中间件添加到
    app/Http/Kernel.php

     protected $middleware = [
        ....
        \App\Http\Middleware\Cors::class,
    ];

     protected $routeMiddleware = [
     ....
     'cors' => \App\Http\Middleware\Cors::class,
 ];
    • 第二选项:

    <?php header("Access-Control-Allow-Origin: *"); ?>
  • 打开域的nginx.conf设置

     sudo nano /etc/nginx/sites-enabled/your-domain.conf
  • 在服务器设置服务器
    {listen 80;…}
    中,请添加以下代码:

     add_header 'Access-Control-Allow-Origin' '*';
 add_header 'Access-Control-Allow-Credentials' 'true';
 add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
 add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';