Laravel CORS水果蛋糕 [英] Laravel CORS with Fruitcake
问题描述
我使用 laravel 后端进行反应项目...我遇到了 CORS 问题,我在下面的链接中进行了所有操作,
Laravel 6 CORS政策API问题
,但仍然无法正常工作。
cors.php:
'paths'=> [’api / *’],
/ *
*匹配请求方法。 `[*]`允许所有方法。
* /
‘allowed_methods’=> [’*’],
/ *
*匹配请求来源。 `[*]`允许所有起源。
* /
‘allowed_origins’=> ['*'],
/ *
*与请求来源匹配,类似于`Request :: is()`
* /
'allowed_origins_patterns' => [],
/ *
*设置Access-Control-Allow-Headers响应标头。 `[*]`允许所有标题。
* /
‘allowed_headers’=> [’*’],
/ *
*设置Access-Control-Expose-Headers响应标头。
* /
‘exposed_headers’=> false,
/ *
*设置Access-Control-Max-Age响应头。
* /
‘max_age’=> false,
/ *
*设置Access-Control-Allow-Credentials标头。
* /
‘supports_credentials’=> false,
而且,内核中间件是:
受保护的$ middleware = [
\App\Http\Middleware\TrustProxies :: class,
\App\Http\Middleware\CheckForMaintenanceMode :: class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize :: class,
\App\Http\Middleware\TrimStrings :: class,
\Illuminate \基金会\Http\中间件\ConvertEmptyStringsToNull :: class,
\Fruitcake\Cors\HandleCors :: class,
];
还有什么问题?
使用 fruitcake / laravel-cors
时有一些陷阱:
- 将
HandleCors
中间件放在app / Http / Kernel.php << c $ c> $ middleware
的顶部/ code>:
受保护的$ middleware = [
\Fruitcake\Cors\HandleCors :: class,
\App\Http\中间件\TrustProxies :: class,
\App\Http\中间件\CheckForMaintenanceMode :: class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize :: class,
\App\Http\Middleware\TrimStrings :: class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull :: class,
];
将其放在底部或介于两者之间的位置将不起作用,因为其他优先级更高的中间件可能会拒绝请求。 / p>
- 不要不在控制器中死亡或退出。
例如,以下操作将无效:
Route :: get('/ cors-test',function (){
dd(这行不通);
});
因为 Fruitcake\Cors\HandleCors :: handle
方法添加相关标头之后处理请求:
公共函数句柄($ request,闭包$ next)
{
// ---省略
//处理请求
$ response = $ next($ request); //< ---如果您在这里死亡
if($ request-> getMethod()==='OPTIONS'){
$ this-> cors-> VariantHeader($ response,'Access-Control-Request-Method');
}
//您永远不会到达这里
return $ this-> addHeaders($ request,$ response);
}
- 更改
app /后清除配置缓存config / cors.php
:
$ php artisan config:cache
I make react project with laravel Back-end ... I have a CORS problem, I do everything like on link below, with fruitcake.
Laravel 6 CORS policy issue with API but still not working.
cors.php:
'paths' => ['api/*'],
/*
* Matches the request method. `[*]` allows all methods.
*/
'allowed_methods' => ['*'],
/*
* Matches the request origin. `[*]` allows all origins.
*/
'allowed_origins' => ['*'],
/*
* Matches the request origin with, similar to `Request::is()`
*/
'allowed_origins_patterns' => [],
/*
* Sets the Access-Control-Allow-Headers response header. `[*]` allows all headers.
*/
'allowed_headers' => ['*'],
/*
* Sets the Access-Control-Expose-Headers response header.
*/
'exposed_headers' => false,
/*
* Sets the Access-Control-Max-Age response header.
*/
'max_age' => false,
/*
* Sets the Access-Control-Allow-Credentials header.
*/
'supports_credentials' => false,
And, kernel middle-ware is:
protected $middleware = [
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\Fruitcake\Cors\HandleCors::class,
];
what else could be the problem?
Here are some gotchas when using fruitcake/laravel-cors
:
- Put
HandleCors
middleware at the top of$middleware
inapp/Http/Kernel.php
:
protected $middleware = [
\Fruitcake\Cors\HandleCors::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
];
Putting it at the bottom or somewhere between won't work because requests might be rejected by other middlewares with higher priority.
- Do NOT die or exit in controller.
For example the following won't work:
Route::get('/cors-test', function() {
dd("This won't work");
});
Because Fruitcake\Cors\HandleCors::handle
method adds relevant headers AFTER handling request:
public function handle($request, Closure $next)
{
// --- omitted
// Handle the request
$response = $next($request); // <--- if you die here
if ($request->getMethod() === 'OPTIONS') {
$this->cors->varyHeader($response, 'Access-Control-Request-Method');
}
// you will never reach here
return $this->addHeaders($request, $response);
}
- Clear config cache after changing
app/config/cors.php
:
$ php artisan config:cache
这篇关于Laravel CORS水果蛋糕的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!