Laravel CORS公共文件问题 [英] Laravel CORS issue for public files
问题描述
我正在尝试从Angular访问日志文件URL,但显示以下错误:
I am trying to access a log file URL from Angular, but it is showing the following error:
Access to XMLHttpRequest at 'https://myurl.com/storage/rmlogs/MyFileNameDetail.log' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
所有API请求都可以正常工作,并且错误仅适用于文件请求.我的文件存储在 rmlogs 目录中,该目录位于 storage/app/public/rmlogs 中,并且链接到公用文件夹.
All the API requests are working perfectly fine and the error is only for the file requests. I have my files stored inside rmlogs directory which is in storage/app/public/rmlogs and it is linked to the public folder.
API代码库是Laravel,文件存储在 storage 目录中.我可以通过浏览器以及Postman访问该文件.由于该URL是公开可用的,因此不需要身份验证令牌,我将其传递给其他API请求.
The API codebase is Laravel and the files are stored in storage directory. I am able to access the file through browser as well as Postman. As the URL is publicly available, it doesn't need Authentication Token, which I am passing for other API requests.
我有 cors.php 配置文件,如下所示:
I have the cors.php configuration file as follows:
<?php
return [
/*
|--------------------------------------------------------------------------
| Cross-Origin Resource Sharing (CORS) Configuration
|--------------------------------------------------------------------------
|
| Here you may configure your settings for cross-origin resource sharing
| or "CORS". This determines what cross-origin operations may execute
| in web browsers. You are free to adjust these settings as needed.
|
| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
|
*/
'paths' => ['api/*'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => true,
];
并具有如下所示的 Cors.php 中间件:
and has a Cors.php middleware as given below:
<?php
namespace App\Http\Middleware;
use Closure;
class Cors
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
}
}
推荐答案
通过此博客:
有可用的软件包,这些软件包允许将CORS标头添加到从Laravel API发送的响应中.他们通过将中间件应用于所有API路由来实现.但是,此类中间件未应用于公共目录,并且通常是诸如用户头像图像之类的资源的存储位置.因此,当这些资源返回到浏览器时,它们没有应用必要的CORS标头.
there are packages available that allow for adding CORS headers to responses sent from a Laravel API. They do so by applying middleware to all of the API’s routes. However, such middleware is not applied to the public directory, and that is often the storage location for resources such as user avatar images. Therefore, when those resources are returned to the browser, they do not have the necessary CORS headers applied.
因此,您需要使用其他方法来应用标题.使用HTTP服务器的配置文件可能最容易做到这一点.
So you need to apply the headers using some other method. This is probably most easily done using your HTTP server's configuration files.
您已经标记了此 apache 的问题,因此您可以设置:
You've tagged this apache so you can set:
Header set Access-Control-Allow-Origin "*"
在您的配置文件中.
例如:
<Location "/storage/rmlogs/">
Header set Access-Control-Allow-Origin "*"
</Location>
您还可以将 Header 指令放在 a .htaccess 文件,但是不建议这样做:
You could also put the Header directive in a .htaccess file, but this isn't recommended:
如果可以访问httpd主服务器配置文件,则应完全避免使用.htaccess文件.使用.htaccess文件会降低Apache http服务器的速度.可以在.htaccess文件中包含的任何指令最好在Directory块中进行设置,因为它具有相同的效果和更好的性能.
You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files slows down your Apache http server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance.
如果您在共享主机上,则可能别无选择.
If you are on shared hosting, you might not have a choice though.
这篇关于Laravel CORS公共文件问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
