CORS

CORS on Nginx

The following Nginx configuration enables CORS, with support for preflight requests.

#
# Wide-open CORS config for nginx
#
location / {
     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=utf-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
     }
}

Allow CORS in Laravel

When you have local development with some other applications trying to connect to your Laravel backend, you will notice errors CORS error on console. That means, you would need to setup CORS to be enabled for backend routes.

We achieve that by creating middleware

php artisan make:middleware Cors

Update the header returned in app/Http/Middleware/Cors.php

<?php
namespace App\Http\Middleware;
use Closure;
class Cors
{
  public function handle($request, Closure $next)
  {
    return $next($request)
      ->header("Access-Control-Allow-Origin", "*")
      ->header("Access-Control-Allow-Methods’, "GET, POST, PUT, DELETE, OPTIONS")
      ->header("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, X-Token-Auth, Authorization");
  }
}

You should update the appropriate value in returning headers.

Then, register in app/Http/kernel.php

protected $routeMiddleware = [
  "auth" => \App\Http\Middleware\Authenticate::class,
  "auth.basic" => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
  "guest" => \App\Http\Middleware\RedirectIfAuthenticated::class,
  "cors" => \App\Http\Middleware\Cors::class, // <-- add this line
];

Finally, any route that you want to enable CORS, just add this middleware on route registration.

Then, add test routers in routes/api.php

// http://docker.local/api/v1/base
// without auth
Route::group(['prefix' => 'v1',  'middleware' => ['api', 'cors']], function () {
 Route::get('/base', 'Controller@base')->name('api.v1.base');
});

// with auth
Route::group(['prefix' => 'v1',  'middleware' => ['auth:api', 'cors']], function () {
 Route::get('/base', 'Controller@base')->name('api.v1.base');
});

发布者

迎迎 姚

关于,介词,引进某种行为的关系者,组成介词结构做状语或定语。

发表评论

电子邮件地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据