如何在PHP/Laravel5中設定CORS header
CORS是什麼?
CORS(Cross-Origin Resource Sharing)簡單來說就是跨網站資源存取,出於安全性必須要在伺服端加入 header 這樣 javascript 的請求才不會被封鎖PHP 寫法
<?php header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS'); header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept'); // code here
Laravel 寫法
建立中間件$ php artisan make:middleware CorsCors.php
<?php namespace App\Http\Middleware; use Closure; class Cors { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { return $next($request) ->header('Access-Control-Allow-Origin' , '*') ->header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE') ->header('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With'); } }到Kernel.php註冊
protected $routeMiddleware = [ 'auth' => \App\Http\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'cors' => \App\Http\Middleware\Cors::class, // <<< add this line ];在路由中像一般middleware使用
//api Route::group(['prefix' => 'api', 'middleware' => 'cors'],function(){ }
關鍵字
No 'Access-Control-Allow-Origin' header is present on the requested resource
laravel CORS header
PHP CORS header
參考
http://en.vedovelli.com.br/2015/web-development/Laravel-5-1-enable-CORS/https://blog.toright.com/posts/3205/%E5%AF%A6%E4%BD%9C-cross-origin-resource-sharing-cros-%E8%A7%A3%E6%B1%BA-ajax-%E7%99%BC%E9%80%81%E8%B7%A8%E7%B6%B2%E5%9F%9F%E5%AD%98%E5%8F%96-request.html
留言
張貼留言