Laravel 上的 CORS (Access-Control-Allow-Origin)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/38749605/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
CORS (Access-Control-Allow-Origin) on Laravel
提问by Mateus Vitali
I created an application in AngularJS and I'm trying to make calls to the Laravel API:
我在 AngularJS 中创建了一个应用程序,并尝试调用 Laravel API:
- MyApp (AngularJS): http://localhost:8080/
- API (Laravel Boilerplate): http://localhost:8000/
- MyApp (AngularJS): http://localhost:8080/
- API(Laravel 样板):http://localhost:8000/
I use Laravel API Boilerplate (JWT Edition)to API.
我使用 Laravel API Boilerplate(JWT 版)到 API。
But I get this error in the browser console:
但是我在浏览器控制台中收到此错误:
XMLHttpRequest cannot load http://localhost:8000/api/auth/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.
XMLHttpRequest 无法加载http://localhost:8000/api/auth/login。请求的资源上不存在“Access-Control-Allow-Origin”标头。因此,不允许访问Origin ' http://localhost:8080'。
I tried to apply the cors middleware (barryvdh/laravel-cors) in api_routes.php but the error remains.
我尝试在 api_routes.php 中应用 cors 中间件 (barryvdh/laravel-cors),但错误仍然存在。
api_routes.php:
api_routes.php:
<?php
$api = app('Dingo\Api\Routing\Router');
$api->version('v1', ['middleware' => 'cors'], function ($api) {
$api->post('auth/login', 'App\Api\V1\Controllers\AuthController@login');
$api->post('auth/signup', 'App\Api\V1\Controllers\AuthController@signup');
$api->post('auth/recovery', 'App\Api\V1\Controllers\AuthController@recovery');
$api->post('auth/reset', 'App\Api\V1\Controllers\AuthController@reset');
// example of protected route
$api->get('protected', ['middleware' => ['api.auth'], function () {
return \App\User::all();
}]);
// example of free route
$api->get('free', function() {
return \App\User::all();
});
});
回答by Ohgodwhy
I'm completely wrong about this implementation. The originheader has a specific placement case in Laravel, where other headers can be defined in Middleware, the originheader cannot.
我对这个实现完全错误。的origin报头具有在Laravel,其中其它标题可以在中间件被定义的特定位置的情况下,origin报头不能。
Instead, you need to add this to the top of your main routes.phpfile:
相反,您需要将其添加到主routes.php文件的顶部:
header('Access-Control-Allow-Origin: http://localhost:8080');
回答by Dallas Caley
I don't fully understand this, but when i want cross browser access i add a .htaccess file into the folder where my endpoint is with the following in it:
我不完全理解这一点,但是当我想要跨浏览器访问时,我将一个 .htaccess 文件添加到我的端点所在的文件夹中,其中包含以下内容:
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
回答by Miad Abrin
you should add an nginx virtual host pointing to your api with a proxy pass. essentially you need to make sure both your front and backend are fed from the same domain
您应该添加一个指向您的 api 的 nginx 虚拟主机,并使用代理传递。基本上你需要确保你的前端和后端都来自同一个域
回答by Shirantha Madusanka
回答by user3563059
Add this on top of routes.phpfile or api.phpfile depending on where you have placed your routes:
根据您放置路由的位置,将此添加到routes.php文件或api.php文件的顶部:
header('Access-Control-Allow-Origin: http://localhost:8080');
header('Access-Control-Allow-Headers: origin, x-requested-with, content-type');
header('Access-Control-Allow-Methods: PUT, GET, POST, DELETE, OPTIONS');
Adding these 3 lines in the site where you are making the request to, solves the CORS problem. The above will allow JS running on http://localhost:8080to make request to the backend which contains the above lines.
在您发出请求的站点中添加这 3 行,解决了 CORS 问题。以上将允许在http://localhost:8080上运行的 JS向包含上述行的后端发出请求。
The answer is inspired from @Dallas Caley's answer.
答案的灵感来自@Dallas Caley 的答案。
