How do I solve a Laravel CORS problem when the Access-Control-Allow-Credentials header is not set correctly?

Question (votes: 0, answers: 1)

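I am running into a CORS problem in my Laravel application. I have a custom CORS middleware (OwnCors) that handles CORS requests. Although it is configured to allow credentials, I am facing the problem that the Access-Control-Allow-Credentials header is not set correctly.

Here is my OwnCors middleware class: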

class OwnCors
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        header("Access-Control-Allow-Origin: *");
        header("Access-Control-Allow-Credentials: true"); 

        $headers = [
            'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS, PUT, DELETE',
            'Access-Control-Allow-Headers' => 'Content-Type, X-Auth-Token, Origin, Authorization'
        ];
        if ($request->getMethod() == "OPTIONS") {
            return response('OK')
                ->withHeaders($headers);
        }

        $response = $next($request);
        foreach ($headers as $key => $value)
            $response->header($key, $value);
        return $response;
    }
}

Here is my CORS configuration (config/cors.php):

<?php

return [
    
    'paths' => ['api/*', 'api/admin/*','*'],

    'allowed_methods' => ['POST', 'GET', 'DELETE', 'PUT', '*'],

    'allowed_origins' => ['http://localhost:3000','https://personaltrainerkmm.com','https://traning-app.vercel.app','*'],

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => true, 

];

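Despite setting 'supports_credentials' => true, the Access-Control-Allow-Credentials header in the response is not set correctly. Instead, it is empty.

I am making requests from a frontend hosted at https://fitnesspt.personaltrainerkmm.com to a backend hosted at https://personaltrainerkmm.com.

How can I make sure Laravel correctly sets the Access-Control-Allow-Credentials header to true in the response to solve this CORS problem?

Any help or insight would be greatly appreciated. Thanks!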

laravel axios cors http-headers middleware
1 answer
0 votes
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class OwnCors
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next): Response
    {
        return $next($request)
            ->header('Access-Control-Allow-Origin', '*')
            ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
            ->header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, X-Token-Auth, Authorization');
    }
}

To load this middleware, we need to add a line to the $routeMiddleware array in app/Http/Kernel.php:

'own.cors' => \App\Http\Middleware\OwnCors::class,

In addition, we must also add it to the $middleware array, as we did for the previous middleware:

\App\Http\Middleware\OwnCors::class,
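
Added example, not part of the original question or answer: browsers reject a credentialed cross-origin response whose Access-Control-Allow-Origin is `*`, so a middleware serving requests with credentials has to echo back one specific allowed origin. The class name `CredentialedCors` is hypothetical and the allowlist is an assumption built from the origins mentioned in the question.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical class name; not the asker's or the answerer's code.
class CredentialedCors
{
    // Assumed allowlist, built from the origins mentioned in the question.
    private const ALLOWED_ORIGINS = [
        'http://localhost:3000',
        'https://fitnesspt.personaltrainerkmm.com',
        'https://traning-app.vercel.app',
    ];

    public function handle(Request $request, Closure $next): Response
    {
        $origin = $request->headers->get('Origin');
        $allowed = $origin !== null && in_array($origin, self::ALLOWED_ORIGINS, true);

        // Answer the preflight directly; other requests continue down the stack.
        $response = $request->isMethod('OPTIONS')
            ? response('', 204)
            : $next($request);

        // Caches must not reuse a response that was built for a different Origin.
        $response->headers->set('Vary', 'Origin', false);

        if (! $allowed) {
            // Unknown origin: send no CORS headers, so the browser blocks the read.
            return $response;
        }

        // With credentials, the exact origin is echoed back; "*" is not accepted.
        $response->headers->set('Access-Control-Allow-Origin', $origin);
        $response->headers->set('Access-Control-Allow-Credentials', 'true');
        $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
        $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, X-Auth-Token, Origin, Authorization');

        return $response;
    }
}
```

The strict `in_array` comparison keeps the match exact, so a lookalike origin that merely contains an allowed hostname is not accepted.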