Cors 在Laravel 5.3 Passport中添加Access Control Allow Origin标头响应
我是Laravel的新手,正在使用OAuth2.0密码授权进行Laravel 5.3 Passport项目。当我使用参数对API进行卷曲时,它会使用标记进行响应。然而,在浏览器中,它需要端点应该添加的额外安全性,因为我的请求来自localhost,而API位于我的VM中。以下是错误:Cors 在Laravel 5.3 Passport中添加Access Control Allow Origin标头响应,cors,laravel-5.3,Cors,Laravel 5.3,我是Laravel的新手,正在使用OAuth2.0密码授权进行Laravel 5.3 Passport项目。当我使用参数对API进行卷曲时,它会使用标记进行响应。然而,在浏览器中,它需要端点应该添加的额外安全性,因为我的请求来自localhost,而API位于我的VM中。以下是错误: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. The response had HTTP status code 400.
我知道问题是什么,但我不知道放在哪里包括该标题,因为这是一个第三方应用程序
提前感谢各位专家。请提供帮助。简单的答案是将
访问控制允许源站
标题设置为本地主机
或*
。我通常是这样做的:
创建一个名为Cors
的简单中间件:
php artisan make:middleware Cors
public function handle($request, Closure $next)
{
return $next($request)->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods','GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS')
->header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
}
将以下代码添加到app/Http/Middleware/Cors.php
:
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers', 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range');
}
公共函数句柄($request,Closure$next)
{
返回$next($request)
->标题('Access-Control-Allow-Origin','*'))
->标题('Access-Control-Allow-Methods'、'GET、POST、PUT、DELETE、OPTIONS');
}
您可以将*
替换为localhost
或保持原样
下一步是加载中间件。将以下行添加到app/Http/Kernel.php
中的$routeMiddleware
数组中
'cors'=>\App\Http\Middleware\cors::class,
最后一步是在要设置访问源标头的路由上使用中间件。假设您正在讨论laravel 5.3中的新api路由,那么可以在app/Providers/RouteServiceProvider.php
中的mapApiRoutes()
函数中进行操作(您可以删除或注释该函数以前的代码):
Route::group([
'中间件'=>api',cors'],
“名称空间”=>$this->namespace,
'前缀'=>'api',
],功能($router){
//在此处添加路线,例如:
路由::apiResource(“/posts”,“PostController”);
});
您也可以使用great
安装包后,要获得所有路由的CORS支持,最简单的方法是在Http/Kernel.php中添加如下中间件:
protected $middleware = [
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Barryvdh\Cors\HandleCors::class,
];
如果您不想在所有路由上都支持CORS,您应该为/oauth/token
创建一个新的选项路由,并仅将CORS中间件添加到该路由
为Laravel 8编辑
Laravel 8已经内置了CORS支持-HandleCors
中间件在全局中定义,可以在应用程序的config/CORS.php
config文件中配置
如果您更新了Laravel应用程序,请确保使用提供的中间件更改barryvdh的包:
\Fruitcake\Cors\HandleCors::class
小心,您不能修改飞行前。
此外,浏览器(至少是chrome)会删除“授权”标题。。。这会导致根据路线设计可能出现的一些问题。例如,飞行前将永远不会进入passport路线表,因为它没有带有令牌的标头
如果您正在设计一个带有选项方法实现的文件,则必须在路由文件web.php中定义一个(或多个)“陷阱”路由,以便preflght(无头授权)可以解析请求并获得相应的CORS头。
因为默认情况下它们不能在中间件200中返回,所以它们必须在原始请求上添加头。简单的答案是将访问控制允许原始头设置为localhost或*。我通常是这样做的: 将以下代码添加到bootstrap/app.php:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: *');
header('Access-Control-Allow-Headers: *');
对于那些没有解决在
App\Http\Kernel
中设置路由中间件问题的人,请尝试设置全局中间件。在App\Http\Middleware\Cors
中:
php artisan make:middleware Cors
public function handle($request, Closure $next)
{
return $next($request)->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods','GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS')
->header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
}
在App\Http\Kernel
中:
protected $middleware = [
...
\App\Http\Middleware\Cors::class,
];
只需将此添加到您的视图中即可:
<?php header("Access-Control-Allow-Origin: *"); ?>
在App/Http/Middleware中创建一个Cors.php文件,并将其粘贴到其中。☑
<?php
namespace App\Http\Middleware;
use Closure;
class Cors { public function handle($request, Closure $next)
{
header("Access-Control-Allow-Origin: *");
//ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods' => 'POST,GET,OPTIONS,PUT,DELETE',
'Access-Control-Allow-Headers' => 'Content-Type, X-Auth-Token, Origin, Authorization',
];
if ($request->getMethod() == "OPTIONS"){
//The client-side application can set only headers allowed in Access-Control-Allow-Headers
return response()->json('OK',200,$headers);
}
$response = $next($request);
foreach ($headers as $key => $value) {
$response->header($key, $value);
}
return $response;
} }
就是这样,您允许所有Cors标题。☑ 只需将其添加到代码控制器中即可
return response()->json(compact('token'))->header("Access-Control-Allow-Origin", "*");
如果您已经应用了CORS中间件,但它仍然不起作用,那么试试这个 如果API的路径为:
Route::post("foo", "MyController"})->middleware("cors");
然后您需要将其更改为允许选项方法:
Route::match(['post', 'options'], "foo", "MyController")->middleware("cors");
之后
https://github.com/fruitcake/laravel-cors
我必须在cors.php文件中进行如下更改
* Sets the Access-Control-Allow-Credentials header.
*/
'supports_credentials' => true,
添加
访问控制的几个步骤将允许源站
标题添加到本地主机或*
步骤1:创建Cors中间件:
php artisan make:middleware Cors
步骤2:像这样在Cors中间件中设置头
public function handle($request, Closure $next)
{
$response = $next($request);
$response->headers->set('Access-Control-Allow-Origin' , '*');
$response->headers->set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE');
$response->headers->set('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With, Application');
return $response;
}
步骤3:我们需要在app/Http/Kernel.php
protected $middleware = [
....
\App\Http\Middleware\Cors::class,
];
protected $routeMiddleware = [
....
'cors' => \App\Http\Middleware\Cors::class,
];
这里不需要检查任何中间件
因为我们在app/Http/Kernel.php
工作解决方案的$middleware
中添加了Cors类
protected $middleware = [
....
\App\Http\Middleware\Cors::class,
];
protected $routeMiddleware = [
....
'cors' => \App\Http\Middleware\Cors::class,
];
步骤1:创建Cors中间件
php artisan make:middleware Cors
php artisan make:middleware Cors
步骤2:在Cors中间件内部句柄函数中设置头
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
步骤3:在app/Http/Kernel.php中添加Cors类
protected $routeMiddleware = [
....
'cors' => \App\Http\Middleware\Cors::class,
];
Route::prefix('api')
->middleware(['api', 'cors'])
->namespace($this->namespace)
->group(base_path('routes/api.php'));
Route::post('example', 'controllerName@functionName')->name('example');
步骤4:在app/providers/routeServiceProvider.php中替换mapApiRoutes
protected $routeMiddleware = [
....
'cors' => \App\Http\Middleware\Cors::class,
];
Route::prefix('api')
->middleware(['api', 'cors'])
->namespace($this->namespace)
->group(base_path('routes/api.php'));
Route::post('example', 'controllerName@functionName')->name('example');
步骤5:在routes/api.php中添加路由
protected $routeMiddleware = [
....
'cors' => \App\Http\Middleware\Cors::class,
];
Route::prefix('api')
->middleware(['api', 'cors'])
->namespace($this->namespace)
->group(base_path('routes/api.php'));
Route::post('example', 'controllerName@functionName')->name('example');
如果出于某种原因,它仍然不起作用。 Laravel的第一选择 任何应用程序的第二个选项 第一个选项:
<?php header("Access-Control-Allow-Origin: *"); ?>
php artisan make:middleware Cors
php artisan make:middleware Cors
app/Http/Middleware/Cors.php
:
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers', 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range');
}
->标题('Access-Control-Allow-Headers',
app/Http/Kernel.php
protected $middleware = [
....
\App\Http\Middleware\Cors::class,
];
protected $routeMiddleware = [
....
'cors' => \App\Http\Middleware\Cors::class,
];
<?php header("Access-Control-Allow-Origin: *"); ?>
sudo nano /etc/nginx/sites-enabled/your-domain.conf
{listen 80;…}
中,请添加以下代码:
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';