Php Laravel 5.1 API启用Cors
我已经寻找了一些在laravel 5.1上启用cors的方法,特别是,我发现了一些LIB,如: 但是他们都没有专门针对Laravel5.1的实现教程,我尝试过配置,但没有效果Php Laravel 5.1 API启用Cors,php,api,laravel,cors,laravel-5.1,Php,Api,Laravel,Cors,Laravel 5.1,我已经寻找了一些在laravel 5.1上启用cors的方法,特别是,我发现了一些LIB,如: 但是他们都没有专门针对Laravel5.1的实现教程,我尝试过配置,但没有效果 如果有人已经在laravel 5.1上实现了CORS,我将非常感谢您的帮助…以下是我的CORS中间件: <?php namespace App\Http\Middleware; use Closure; class CORS { /** * Handle an incoming reque
如果有人已经在laravel 5.1上实现了CORS,我将非常感谢您的帮助…以下是我的CORS中间件:
<?php namespace App\Http\Middleware;
use Closure;
class CORS {
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
header("Access-Control-Allow-Origin: *");
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'Content-Type, X-Auth-Token, Origin'
];
if($request->getMethod() == "OPTIONS") {
// The client-side application can set only headers allowed in Access-Control-Allow-Headers
return Response::make('OK', 200, $headers);
}
$response = $next($request);
foreach($headers as $key => $value)
$response->header($key, $value);
return $response;
}
}
然后你可以在你的路线上使用它
Route::get('example', array('middleware' => 'cors', 'uses' => 'ExampleController@dummy'));
我总是用简单的方法。只需在
\public\index.php
文件中添加以下行即可。我认为您不必使用中间件
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
与Laravel 5.1完美配合,只需几个关键点即可实现
<?php
return [
'supportsCredentials' => true,
'allowedOrigins' => ['*'],
'allowedHeaders' => ['*'],
'allowedMethods' => ['GET', 'POST', 'PUT', 'DELETE'],
'exposedHeaders' => ['DAV', 'content-length', 'Allow'],
'maxAge' => 86400,
'hosts' => [],
];
但这取决于您是否将其用作路由中间件并放置在特定的路由上这将使软件包与L5.1兼容,我使用的是Laravel 5.4,不幸的是,尽管接受的答案似乎很好,但对于预引导请求(如
PUT
和DELETE
),它前面会有一个OPTIONS
请求,在$routeMiddleware
数组中指定中间件(并在路由定义文件中使用该选项)将不起作用,除非您也为OPTIONS
定义了路由处理程序。这是因为如果没有OPTIONS
route-Laravel,则在没有CORS头的情况下,它将返回到该方法
因此,简而言之,要么在为所有请求全局运行的$middleware
数组中定义中间件,要么在$middlegroups
或$routeMiddleware
中定义中间件,然后还为选项
定义路由处理程序。可以这样做:
protected $routeMiddleware = [
//other middlewares
'cors' => 'App\Http\Middleware\CORS',
];
Route::match(['options', 'put'], '/route', function () {
// This will work with the middleware shown in the accepted answer
})->middleware('cors');
我还为同样的目的编写了一个中间件,它看起来很相似,但尺寸更大,因为它试图更具可配置性,并处理一系列条件:
<?php
namespace App\Http\Middleware;
use Closure;
class Cors
{
private static $allowedOriginsWhitelist = [
'http://localhost:8000'
];
// All the headers must be a string
private static $allowedOrigin = '*';
private static $allowedMethods = 'OPTIONS, GET, POST, PUT, PATCH, DELETE';
private static $allowCredentials = 'true';
private static $allowedHeaders = '';
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (! $this->isCorsRequest($request))
{
return $next($request);
}
static::$allowedOrigin = $this->resolveAllowedOrigin($request);
static::$allowedHeaders = $this->resolveAllowedHeaders($request);
$headers = [
'Access-Control-Allow-Origin' => static::$allowedOrigin,
'Access-Control-Allow-Methods' => static::$allowedMethods,
'Access-Control-Allow-Headers' => static::$allowedHeaders,
'Access-Control-Allow-Credentials' => static::$allowCredentials,
];
// For preflighted requests
if ($request->getMethod() === 'OPTIONS')
{
return response('', 200)->withHeaders($headers);
}
$response = $next($request)->withHeaders($headers);
return $response;
}
/**
* Incoming request is a CORS request if the Origin
* header is set and Origin !== Host
*
* @param \Illuminate\Http\Request $request
*/
private function isCorsRequest($request)
{
$requestHasOrigin = $request->headers->has('Origin');
if ($requestHasOrigin)
{
$origin = $request->headers->get('Origin');
$host = $request->getSchemeAndHttpHost();
if ($origin !== $host)
{
return true;
}
}
return false;
}
/**
* Dynamic resolution of allowed origin since we can't
* pass multiple domains to the header. The appropriate
* domain is set in the Access-Control-Allow-Origin header
* only if it is present in the whitelist.
*
* @param \Illuminate\Http\Request $request
*/
private function resolveAllowedOrigin($request)
{
$allowedOrigin = static::$allowedOrigin;
// If origin is in our $allowedOriginsWhitelist
// then we send that in Access-Control-Allow-Origin
$origin = $request->headers->get('Origin');
if (in_array($origin, static::$allowedOriginsWhitelist))
{
$allowedOrigin = $origin;
}
return $allowedOrigin;
}
/**
* Take the incoming client request headers
* and return. Will be used to pass in Access-Control-Allow-Headers
*
* @param \Illuminate\Http\Request $request
*/
private function resolveAllowedHeaders($request)
{
$allowedHeaders = $request->headers->get('Access-Control-Request-Headers');
return $allowedHeaders;
}
}
只需将其用作中间件即可
<?php
namespace App\Http\Middleware;
use Closure;
class CorsMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
$response->header('Access-Control-Allow-Origin', '*');
$response->header('Access-Control-Allow-Methods', '*');
return $response;
}
}
对我来说,我把这些代码放在public\index.php
文件中。它对所有CRUD操作都很有效
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, post, get');
header("Access-Control-Max-Age", "3600");
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
header("Access-Control-Allow-Credentials", "true");
在浪费了很多时间之后,我终于发现了这个愚蠢的错误,这可能对你也有帮助
如果您不能通过函数关闭或控制器操作从路由返回响应,那么它将不起作用。
例如:
结束
Route::post('login', function () {
return response()->json(['key' => 'value'], 200); //Make sure your response is there.
});
控制器动作
Route::post('login','AuthController@login');
class AuthController extends Controller {
...
public function login() {
return response()->json(['key' => 'value'], 200); //Make sure your response is there.
}
...
}
测试CORS
Chrome->开发者工具->网络选项卡
如果出现任何问题,您的响应标题将不在此处。
使用此库。按照本报告中提到的说明进行操作
记住不要在CORS URL中使用dd()
或die()
,因为此库将不起作用。请始终在CORS URL中使用return
谢谢Barryvdh's是为Laravel 5设计的,它也应该是5.1版的。你试过了吗?是的,我试过了,但我还是收到了以下信息(这是一个有角度的前端)XMLHttpRequest无法加载。请求的资源上不存在“Access Control Allow Origin”头。因此不允许访问源“”。但我已在cors文件“supportsCredentials”=>true、“allowedOrigins”=>['、“allowedHeaders”=>['*']、“allowedMethods”=>['GET'、'POST'、'PUT'、'DELETE']、'exposedHeaders'=>[]、'maxAge'=>0、'hosts'=>[],您收到了哪条消息?XMLHttpRequest无法加载api.address.com。请求的资源上不存在“Access Control Allow Origin”标头。Origin“127.0.0.1:8080”;因此不允许访问您是否发布了配置文件并对其进行了相应的编辑?只是澄清一下-这是问题中提到的包的替代方案吗?@retro等级是的,如果你选择了这个解决方案,你就不必使用软件包。这是非常好的解决方案,也是检查是否允许使用Origin的选项方法——就像在中间件中一样——但由于某种原因,我无法在laravel 5.X中的POST方法中运行所有选项-有什么想法吗?请注意,对我来说,它是5.6版,我还需要添加\App\Http\Middleware\Cors::class
位于Kernel.php,在protected$Middleware
数组中。如果有人像我一样遭受痛苦,可以试试this@arikanmstf你刚刚完成了我的一周!!这是我的CORS遇到的问题。你说得对,将它添加到kernel.php中受保护的$middleware中修复了它!非常感谢。它不是elegant@EfriandikaPratama为什么不呢?index.php
文件正在所有HTTP请求上使用。因此,这是一种简单且用户友好的方法。@EfriandikaPratama反复说同样的话并不能证明你的观点。如果你想为你的整个应用程序启用CORS是好的,但如果你想在某些路由上启用CORS,则不适用。我认为这会让你更容易理解se建议改用中间件。这很简单,我认为当所有路由都已使用OAuth或JWT进行保护时,在中间件中进行保护是不必要的。太棒了,我读了你的博客文章,它工作得很好。谢谢!@Rishabh我刚刚检查了一些与CORS相关的Laravel问题,几乎每个答案都是一样的,但这是一个很好的答案实际上非常好。我一直在寻找每个配置文件元素的详细信息,特别是“exposedHeaders”和“supportsCredentials”,但不幸的是,还没有任何成功,您介意提供一些关于它们的详细信息,或者发布一个参考吗?非常感谢!!
Route::post('login','AuthController@login');
class AuthController extends Controller {
...
public function login() {
return response()->json(['key' => 'value'], 200); //Make sure your response is there.
}
...
}