Php Laravel API cors-飞行前响应中的访问控制允许标头不允许请求标头字段授权
我的LaravelAPI和Angular客户端应用程序之间存在CORS问题 这是我的cors中间件Php Laravel API cors-飞行前响应中的访问控制允许标头不允许请求标头字段授权,php,angular,laravel,cors,Php,Angular,Laravel,Cors,我的LaravelAPI和Angular客户端应用程序之间存在CORS问题 这是我的cors中间件 public function handle($request, Closure $next) { return $next($request) ->header('Access-Control-Allow-Origin', 'http://localhost:4200') ->header('Access-Con
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', 'http://localhost:4200')
->header('Access-Control-Allow-Credentials', 'true')
->header('Access-Control-Allow-Methods', 'GET,HEAD,OPTIONS,POST,PUT"')
->header('Access-Control-Allow-Headers', 'Origin, Content-Type'); }
}
我得到以下错误
CORS策略已阻止从源“”访问“”处的XMLHttpRequest:飞行前响应中的访问控制允许标头不允许请求标头字段授权
网络响应给我一个200响应代码。所以我会发布我得到的标题
Angular在本地主机上:4200
拉威尔在127.0.0.1:8000
bootstrap/app.php
<?php
/*
|--------------------------------------------------------------------------
| Create The Application
|--------------------------------------------------------------------------
|
| The first thing we will do is create a new Laravel application instance
| which serves as the "glue" for all the components of Laravel, and is
| the IoC container for the system binding all of the various parts.
|
*/
$app = new Illuminate\Foundation\Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
);
/*
|--------------------------------------------------------------------------
| Bind Important Interfaces
|--------------------------------------------------------------------------
|
| Next, we need to bind some important interfaces into the container so
| we will be able to resolve them when needed. The kernels serve the
| incoming requests to this application from both the web and CLI.
|
*/
$app->singleton(
Illuminate\Contracts\Http\Kernel::class,
App\Http\Kernel::class
);
$app->singleton(
Illuminate\Contracts\Console\Kernel::class,
App\Console\Kernel::class
);
$app->singleton(
Illuminate\Contracts\Debug\ExceptionHandler::class,
App\Exceptions\Handler::class
);
// $app->middleware([
// Vluzrmos\LumenCors\CorsMiddleware
// ]);
/*
|--------------------------------------------------------------------------
| Return The Application
|--------------------------------------------------------------------------
|
| This script returns the application instance. The instance is given to
| the calling script so we can separate the building of the instances
| from the actual running of the application and sending responses.
|
*/
return $app;
您缺少将“授权”添加到“访问控制允许标头”
->header('Access-Control-Allow-Headers', 'Origin, Content-Type, Authorization');
如果您的问题仍然存在,您可能会实施您缺少将“授权”添加到“访问控制允许标头”中
->header('Access-Control-Allow-Headers', 'Origin, Content-Type, Authorization');
如果问题仍然存在,您可以实施尝试进行以下更正
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token, Authorization');
}
在迁移到生产环境时(出于安全原因),请记住将星号(*)更改为您的生产URL。请尝试进行以下更正
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token, Authorization');
}
请记住将星号(*)更改为生产URL,当迁移到生产时(出于安全原因)您应该在访问控制允许标题中添加X-request-With
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', 'http://localhost:4200')
->header('Access-Control-Allow-Credentials', 'true')
->header('Access-Control-Allow-Methods', 'GET, HEAD, OPTIONS, POST, PUT')
->header('Access-Control-Max-Age', '3600')
->header('Access-Control-Allow-Headers', 'Origin, Accept, Content-Type, X-Requested-With'); }
}
您应该在访问控制允许标题中添加X-request-With
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', 'http://localhost:4200')
->header('Access-Control-Allow-Credentials', 'true')
->header('Access-Control-Allow-Methods', 'GET, HEAD, OPTIONS, POST, PUT')
->header('Access-Control-Max-Age', '3600')
->header('Access-Control-Allow-Headers', 'Origin, Accept, Content-Type, X-Requested-With'); }
}
尽管我的源代码是localhost not>访问位于“”的XMLHttpRequest(从“”重定向),但我现在收到以下错误来自原点的“null”已被CORS策略阻止:对飞行前请求的响应未通过访问控制检查:当请求的凭据模式为“包括”时,响应中的“访问控制允许原点”标头的值不得为通配符“”。XMLHttpRequest启动的请求的凭据模式由withCredentials属性控制。确定设置->头('Access-Control-Allow-Origin','*'))我必须改变这一点,因为之前我遇到了这个错误>当请求的凭据模式为“包含”时,响应中的“访问控制允许来源”头的值不能是通配符“*”。在这种情况下,这可能是一个更好的选择。我已经尝试了cors的spatie包,但仍然遇到错误。这实际上是一个笑话。我尽管我的源代码是localhost not>访问位于“”的XMLHttpRequest(已从“”重定向),但立即获取以下错误来自原点的“null”已被CORS策略阻止:对飞行前请求的响应未通过访问控制检查:当请求的凭据模式为“包括”时,响应中的“访问控制允许原点”标头的值不得为通配符“”。XMLHttpRequest启动的请求的凭据模式由withCredentials属性控制。确定设置->头('Access-Control-Allow-Origin','*'))我必须改变这一点,因为之前我遇到了这个错误>当请求的凭据模式为“包含”时,响应中的“访问控制允许来源”头的值不能是通配符“*”。在这种情况下,这可能是一个更好的选择。我尝试了cors的spatie包,但仍然遇到错误。这实际上是一个笑话。