我在Laravel 7上,我发现了错误
Access to XMLHttpRequest at 'https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/lmvworker.min.js' from origin 'https://my.site.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://127.0.0.1:8000' that is not equal to the supplied origin.
它在localhost上运行,但当我在生产服务器上运行时,错误就出现了。
我不明白为什么在生产服务器上将“Access-Control-Allow-Origin”标头设置为“http://127.0.0.1:8000”。
这是我的config/cors.php(我还尝试了'paths'=>['*'])
'paths' => [],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => false,
'max_age' => false,
'supports_credentials' => false,
HTTP/kernel.php
protected $middleware = [
\Fruitcake\Cors\HandleCors::class,
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\SetLocale::class
];
config/app.php
'providers' => [
/*
* Laravel Framework Service Providers...
*/
Illuminate\Auth\AuthServiceProvider::class,
Illuminate\Broadcasting\BroadcastServiceProvider::class,
...
...
Fruitcake\Cors\CorsServiceProvider::class
],
注意:对于allowed_origins,当不使用通配符时,必须包含该方案。 ['http://example.com‘,’https://example.com']。 您还必须考虑到,当使用ALLOWED_ORIGINS_PATTERNS时,该方案将会出现。
参考:https://github.com/fruitcake/laravel-cors#选项
