后端配置了跨域請(qǐng)求但是前端一直跨域

wangsky522 2025-04-28

問(wèn)題描述

這里詳細(xì)描述問(wèn)題
后端配置了跨域請(qǐng)求但是前端一直跨域

程序代碼

 public function process(Request|\Webman\Http\Request $request, callable $handler): Response
    {
        // 設(shè)置 CORS 相關(guān)頭部
        $response = $handler($request);

        // 設(shè)置允許跨域的域名，* 表示允許所有域
        $response->withHeaders([
            'Access-Control-Allow-Origin' => '*',
            'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
            'Access-Control-Allow-Headers' => 'Origin, X-Requested-With, Content-Type, Accept, Authorization',
            'Access-Control-Allow-Credentials' => 'true',
        ]);

        // 處理預(yù)檢請(qǐng)求（OPTIONS）
        if ($request->method() == 'OPTIONS') {
            return $response->withHeaders([
                'Access-Control-Allow-Origin' => '*',
                'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
                'Access-Control-Allow-Headers' => 'Origin, X-Requested-With, Content-Type, Accept, Authorization',
                'Access-Control-Max-Age' => '86400', // 預(yù)檢緩存時(shí)間，單位秒
            ]);
        }

        return $response;
    }

報(bào)錯(cuò)信息

 Access to XlLHttpReguest at 'http://app.xianggangkdhub. xyz/api/login’from origin
http://localhost:8080’ has been blocked by CokS policy: Response to preflight request doesn't pass access
control check: No ’Access-Control-Allow-0rigin’header is present on the requested resource.

 521  2 3

2個(gè)回答

jack10082009 2025-05-05

看一下有沒(méi)有使用Nginx轉(zhuǎn)發(fā)https到http，如果是的話可以配置Nginx實(shí)現(xiàn)預(yù)檢返回允許。

add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Credentials   'true';
add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
add_header Access-Control-Allow-Headers 'x-csrf-token,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
if ($request_method = 'OPTIONS') {return 200;}

我用的Nginx轉(zhuǎn)發(fā)，親測(cè)可用。

wangsky522 2025-05-14

本地也是這樣在同一個(gè)局域網(wǎng) 前端好像需要的配置代理，但是用fastadmin就不會(huì)碰到這種問(wèn)題
jack10082009 2025-05-26

這個(gè)跟在不在同一個(gè)局域網(wǎng)是沒(méi)有關(guān)系的，你說(shuō)fastadmin沒(méi)有這個(gè)問(wèn)題，說(shuō)明它在返回的response中添加了相關(guān)的cors頭。這個(gè)你可以查一下cors相關(guān)的東西。只有域名一樣端口一樣，才被認(rèn)定為同域。不同域的話，瀏覽器會(huì)先進(jìn)行option請(qǐng)求(預(yù)檢)，只有預(yù)檢返回的header中含有我剛剛貼上來(lái)的代碼這些header，才會(huì)發(fā)起正式請(qǐng)求。

TM 2025-05-06

如果使用了路由也需要在路由里面配置的Route::fallback(function(Request $request){
$response = strtoupper($request->method()) === 'OPTIONS' ?
response('', 204) : response(json(['code' => 404, 'message' => '沒(méi)有你想要的數(shù)據(jù),請(qǐng)檢查是否訪問(wèn)正確！']), 404);
$response->withHeaders([
'Access-Control-Allow-Credentials' => 'true',
'Access-Control-Allow-Origin' => "",
'Access-Control-Allow-Methods' => '',
'Access-Control-Allow-Headers' => '*',
]);
return $response;
// return json(['code' => 404, 'message' => '沒(méi)有你想要的數(shù)據(jù),請(qǐng)檢查是否訪問(wèn)正確！']);
});
好像是沒(méi)走到中間件的問(wèn)題