一、在app目录下新建middleware目录,再建Cors.php文件,内容如下:
<?php
// app/middleware/Cors.php
declare(strict_types=1);
namespace app\middleware;
class Cors
{
/**
* 处理请求
* @param \think\Request $request
* @param \Closure $next
* @return \think\Response
*/
public function handle($request, \Closure $next)
{
// 设置跨域头
$origin = $request->header('origin', '');
header('Access-Control-Allow-Origin: ' . $this->getAllowOrigin($origin));
header('Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS');
header('Access-Control-Allow-Headers: Authorization,Content-Type,X-Requested-With,X-Token,Accept');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400');
// 如果是预检请求,直接返回
if ($request->method() === 'OPTIONS') {
return response()->code(200);
}
return $next($request);
}
/**
* 获取允许的源
* @param string $origin
* @return string
*/
protected function getAllowOrigin(string $origin): string
{
$allowOrigins = [
'http://localhost:8080',
'http://localhost:3000',
'https://yourdomain.com'
];
if (in_array($origin, $allowOrigins)) {
return $origin;
}
// 生产环境建议返回具体的域名,而不是 *
return config('app.debug') ? $origin : $allowOrigins[0] ?? '*';
}
}
二、在全局中间件配置app/middleware.php里添加以下代码“\app\middleware\Cors::class”,,如下图所示:
下一篇:没有了
讨论数量:0