laravel 5.1 access-control-origin 对于 restFull api

Question

我正在使用 Laravel 5.1 开发 RESTful API。我的端点在 Postman 上正常工作。但是当我将它与 front-end 集成时，它会出现以下错误。

XMLHttpRequest cannot load http://ideahubapi.dev/api/v1/users/register.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://ideahubfront.dev' is therefore not allowed to access.
The response had HTTP status code 500.

我尝试了以下方法。

(1) 创建核心 middle-ware.

 <?php

namespace App\Http\Middleware;

use Closure;

class Cors
{
    public function handle($request, Closure $next)
    {
        return $next($request)
            ->header('Access-Control-Allow-Origin', '*')
            ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
            ->header('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With');
    }
}

将其添加到 kernal.php

<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * @var array
     */
    protected $middleware = [
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \App\Http\Middleware\Cors::class,
    ];

    /**
     * The application's route middleware.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'web' => \App\Http\Middleware\VerifyCsrfToken::class,
        'cors' => \App\Http\Middleware\Cors::class,
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    ];
}

和routes.php

Route::group(['middleware' => ['web', 'core'], 'prefix' => 'api/v1'], function(){

    // get single user by user id
    Route::get('getuserbyid/{user_id}', 'UserController@getSingleUserById');

    Route::post('users/register', 'UserController@register');

});

在那之后选项请求起作用了。但是post请求还是一样。

(2) 手动将 headers 添加到控制器 return。像这样。

return response()->json([$user, $merchant], 200)
                ->header('Access-Control-Allow-Origin', '*')
                ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
                ->header('Access-Control-Allow-Headers', 'Cache-Control, Connection, Date, Server, Content-Type, User-Agent,  Accept, Referer, Authorization,Origin,  Accept-Encoding, Content-Length, Host, Connection,  X-Requested-With');

运气不好。伙计们请帮助我。我为此而死。我的客户希望看到注册。我坚持这个。

Answer 1

改变

Route::group(['middleware' => ['web', 'core']

到

Route::group(['middleware' => ['web', 'cors']

它不起作用，因为它与内核中的不匹配。

Answer 2

CORS 是你的诅咒的名字，这是一个解决方案：https://github.com/barryvdh/laravel-cors

laravel 5.1 access-control-origin 对于 restFull api

laravel 5.1 access-control-origin for restFull api

php

laravel

laravel-5.1