Laravel CORS水果蛋糕 [英] Laravel CORS with Fruitcake

问题描述

我使用 laravel 后端进行反应项目...我遇到了 CORS 问题，我在下面的链接中进行了所有操作，

Laravel 6 CORS政策API问题
，但仍然无法正常工作。

cors.php：

 'paths'=> [’api / *’]，
 
 / * 
 *匹配请求方法。 `[*]`允许所有方法。 
 * / 
‘allowed_methods’=> [’*’]，
 
 / * 
 *匹配请求来源。 `[*]`允许所有起源。 
 * / 
‘allowed_origins’=> ['*']，
 
 / * 
 *与请求来源匹配，类似于`Request :: is（）`
 * / 
'allowed_origins_patterns' => []，
 
 / * 
 *设置Access-Control-Allow-Headers响应标头。 `[*]`允许所有标题。 
 * / 
‘allowed_headers’=> [’*’]，
 
 / * 
 *设置Access-Control-Expose-Headers响应标头。 
 * / 
‘exposed_headers’=> false，
 
 / * 
 *设置Access-Control-Max-Age响应头。 
 * / 
‘max_age’=> false，
 
 / * 
 *设置Access-Control-Allow-Credentials标头。 
 * / 
‘supports_credentials’=> false，
  

而且，内核中间件是：

 受保护的$ middleware = [
 \App\Http\Middleware\TrustProxies :: class，
\App\Http\Middleware\CheckForMaintenanceMode :: class， 
 \Illuminate\Foundation\Http\Middleware\ValidatePostSize :: class，
\App\Http\Middleware\TrimStrings :: class，
\Illuminate \基金会\Http\中间件\ConvertEmptyStringsToNull :: class，
 
 \Fruitcake\Cors\HandleCors :: class，
]; 
  

还有什么问题？

解决方案

使用 fruitcake / laravel-cors 时有一些陷阱：

• 将 HandleCors 中间件放在 app / Http / Kernel.php << c $ c> $ middleware 的顶部/ code>：

 受保护的$ middleware = [
 \Fruitcake\Cors\HandleCors :: class，
\App\Http\中间件\TrustProxies :: class，
\App\Http\中间件\CheckForMaintenanceMode :: class，
 \Illuminate\Foundation\Http\Middleware\ValidatePostSize :: class，
\App\Http\Middleware\TrimStrings :: class，
 \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull :: class，
]; 
  

将其放在底部或介于两者之间的位置将不起作用，因为其他优先级更高的中间件可能会拒绝请求。 / p>

• 不要不在控制器中死亡或退出。

例如，以下操作将无效：

  Route :: get（'/ cors-test'，function （）{
 dd（这行不通）; 
}）； 
  

因为 Fruitcake\Cors\HandleCors :: handle 方法添加相关标头之后处理请求：

水果蛋糕\Cors\HandleCors.php

 公共函数句柄（$ request，闭包$ next）
 {
 // ---省略
 
 //处理请求
 $ response = $ next（$ request）; //< ---如果您在这里死亡
 
 if（$ request-> getMethod（）==='OPTIONS'）{
 $ this-> cors-> VariantHeader（$ response，'Access-Control-Request-Method'）; 
} 
 
 //您永远不会到达这里
 return $ this-> addHeaders（$ request，$ response）; 
} 
  

• 更改 app /后清除配置缓存config / cors.php ：

  $ php artisan config：cache 
  

I make react project with laravel Back-end ... I have a CORS problem, I do everything like on link below, with fruitcake.

Laravel 6 CORS policy issue with API but still not working.

cors.php:

        'paths' => ['api/*'],

    /*
    * Matches the request method. `[*]` allows all methods.
    */
    'allowed_methods' => ['*'],

    /*
     * Matches the request origin. `[*]` allows all origins.
     */
    'allowed_origins' => ['*'],

    /*
     * Matches the request origin with, similar to `Request::is()`
     */
    'allowed_origins_patterns' => [],

    /*
     * Sets the Access-Control-Allow-Headers response header. `[*]` allows all headers.
     */
    'allowed_headers' => ['*'],

    /*
     * Sets the Access-Control-Expose-Headers response header.
     */
    'exposed_headers' => false,

    /*
     * Sets the Access-Control-Max-Age response header.
     */
    'max_age' => false,

    /*
     * Sets the Access-Control-Allow-Credentials header.
     */
    'supports_credentials' => false,

And, kernel middle-ware is:

        protected $middleware = [
        \App\Http\Middleware\TrustProxies::class,
        \App\Http\Middleware\CheckForMaintenanceMode::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,

        \Fruitcake\Cors\HandleCors::class,
    ];

what else could be the problem?

解决方案

Here are some gotchas when using fruitcake/laravel-cors:

• Put HandleCors middleware at the top of $middleware in app/Http/Kernel.php:

protected $middleware = [
    \Fruitcake\Cors\HandleCors::class,
    \App\Http\Middleware\TrustProxies::class,
    \App\Http\Middleware\CheckForMaintenanceMode::class,
    \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
    \App\Http\Middleware\TrimStrings::class,
    \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
];

Putting it at the bottom or somewhere between won't work because requests might be rejected by other middlewares with higher priority.

• Do NOT die or exit in controller.

For example the following won't work:

Route::get('/cors-test', function() {
   dd("This won't work");
});

Because Fruitcake\Cors\HandleCors::handle method adds relevant headers AFTER handling request:

Fruitcake\Cors\HandleCors.php

public function handle($request, Closure $next)
{
    // --- omitted

    // Handle the request
    $response = $next($request); // <--- if you die here

    if ($request->getMethod() === 'OPTIONS') {
        $this->cors->varyHeader($response, 'Access-Control-Request-Method');
    }
    
    // you will never reach here
    return $this->addHeaders($request, $response);
}

• Clear config cache after changing app/config/cors.php:

$ php artisan config:cache

这篇关于Laravel CORS水果蛋糕的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！