像在其他解决方案中一样尝试了很多东西
在route.php
header('Access-Control-Allow-Origin: http://www.campaignpulse.com/');
或者
header('Access-Control-Allow-Origin: www.campaignpulse.com/');
或者
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Origin, Authorization');
Route::post('cors', ['middleware' => 'cors',function () { return response()->json(['message' =>'cors'], 200); } ]);
cors.php
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', 'http://www.campaignpulse.com/')
or
->header('Access-Control-Allow-Origin', 'www.campaignpulse.com/')
or
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Origin, Authorization');
}
内核。php
protected $middleware = [
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\Cors::class,
];
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'cors' => \App\Http\Middleware\Cors::class,
];
反应部分
return fetch('http://www.campaignserver.com:81/cors',
{
method: 'post',
credentials: "same-origin",
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': 'www.campaignpulse.com' },
}
).then(response => response.json())
.then(resData => {
console.log(resData)
})
错误是
CORS策略阻止了从来源http://www.campaignpulse.com获取http://www.campaignserver.com:81/cors的访问:对起飞前请求的响应不通过权限改造检查:请求的资源上没有访问控制允许来源标头。如果不透明的响应满足您的需求,请将请求的模式设置为no-cors,以在禁用CORS的情况下获取资源。
我还能尝试什么?请建议
浏览器发出的跨原点请求将向您的服务器发送飞行前选项请求,该请求必须至少返回访问控制允许原点标题。仅将其与对POST路由的响应一起返回是不够的。
我建议使用像这样的软件包https://github.com/barryvdh/laravel-cors提供CORS中间件和配置
还要注意,原点是主机名或通配符。
例如,ACAO标头的有效值
*没有URI部件
编辑
我必须自己更正,显然协议和端口是ACAO头的有效部分,这是有意义的
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
编辑2
要对此进行调试,请确保两个选项http://www.campaignserver.com:81/cors和发布http://www.campaignserver.com:81/cors
返回标题访问控制允许原点:http://www.campaignserver.com:81或访问控制允许原点:
