我的 Laravel 应用程序遇到 CORS 问题。我有一个自定义 CORS 中间件 (OwnCors),用于处理 CORS 请求。尽管将其配置为允许凭据,但我面临着 Access-Control-Allow-Credentials 标头设置不正确的问题。
这是我的 OwnCors 中间件类:
class OwnCors
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true");
$headers = [
'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers' => 'Content-Type, X-Auth-Token, Origin, Authorization'
];
if ($request->getMethod() == "OPTIONS") {
return response('OK')
->withHeaders($headers);
}
$response = $next($request);
foreach ($headers as $key => $value)
$response->header($key, $value);
return $response;
}
}
这是我的 CORS 配置(config/cors.php):
<?php
return [
'paths' => ['api/*', 'api/admin/*','*'],
'allowed_methods' => ['POST', 'GET', 'DELETE', 'PUT', '*'],
'allowed_origins' => ['http://localhost:3000','https://personaltrainerkmm.com','https://traning-app.vercel.app','*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => true,
];
尽管设置 'supports_credentials' => true,但响应中的 Access-Control-Allow-Credentials 标头未正确设置。相反,它是空的。
我从 https://fitnesspt.personaltrainerkmm.com 上托管的前端向 https://personaltrainerkmm.com 上托管的后端发出请求。
如何确保 Laravel 在响应中正确将 Access-Control-Allow-Credentials 标头设置为 true 以解决此 CORS 问题?
任何帮助或见解将不胜感激。谢谢!
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class OwnCors
{
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
*/
public function handle(Request $request, Closure $next): Response
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, X-Token-Auth, Authorization');
}
}
要加载这个中间件,我们需要在 app/Http/Kernel.php 的
$routeMiddleware
数组中添加一行:
'own.cors' => \App\Http\Middleware\OwnCors::class,
此外,我们还必须将其添加到
$middleware
数组中,就像我们对之前的中间件所做的那样:
\App\Http\Middleware\OwnCors::class,