Laravel 4.2-禁用选项响应的Set-Cookie标头 [英] Laravel 4.2 - Disabling Set-Cookie Header for OPTIONS responses

问题描述

我有一个使用Laravel构建的无状态API.我使用以下过滤器来防止Set-Cookie标头针对所有请求发送回请求者:

I have a stateless API built with Laravel. I use the following filter to prevent the Set-Cookie header from being sent back to the requester on all requests:

Route::filter('auth.firewall', function(){
    Config::set('session.driver', 'array');
});

我的API是从与其托管的子域不同的子域调用的，并且在任何RESTful请求之前，都会从客户端发送OPTIONS请求.根据对这些OPTIONS请求的响应，Laravel仍在发送Set-Cookie标头.

My API is called from a different sub-domain than the one it's hosted at and an OPTIONS request is sent from the client before any RESTful request. On the response to these OPTIONS requests, Laravel is still sending a Set-Cookie header.

如何为OPTIONS请求禁用Set-Cookie标头?我想仅对API而不对整个Laravel应用程序禁用Set-Cookie，因为我有一个站点运行相同的Laravel应用程序并使用Larave的会话功能.

How would I disable the Set-Cookie header for OPTIONS requests? I want to disable Set-Cookie for only the API and not the whole Laravel application since I have a site running off of the same Laravel app and using Larave's sessions capabilities.

这是我的标题设置当前的样子:

This is what my header settings currently look like:

App::before(function(){
    // Allow CORS requests
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
    header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With, userToken, user_token');
    header('Access-Control-Allow-Credentials: true');
});

推荐答案

我向App:before注册的回调函数中添加了$request->getMethod().如果请求是OPTIONS请求，则将会话驱动程序设置为array.

I added a $request->getMethod() to the callback function registered with App:before. If the request was an OPTIONS request, I set the session driver to array.

App::before(function($request){
    // Allow CORS requests
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
    header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With, userToken, user_token');
    header('Access-Control-Allow-Credentials: true');
    if($request->getMethod() == 'OPTIONS'){
        Config::set('session.driver', 'array');
    }
});

这篇关于Laravel 4.2-禁用选项响应的Set-Cookie标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！