前后端项目跨域访问时会遇到此问题,解决方法如下:
创建一个中间件
php artisan make:middleware EnableCrossRequestMiddleware
该中间件的文件路径为:app/Http/Middleware/EnableCrossRequestMiddleware.php
中间件 EnableCrossRequestMiddleware
内容如下:
<?php
/**
* 跨域设置
*/
namespace AppHttpMiddleware;
use Closure;
use IlluminateHttpResponse;
class EnableCrossRequestMiddleware
{
/**
* Handle an incoming request.
*
* @param IlluminateHttpRequest $request
* @param Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$response = $next($request);
$origin = $request->server('HTTP_ORIGIN') ? $request->server('HTTP_ORIGIN') : '';
$allow_origin = config('origin.allowed');
if (in_array($origin, $allow_origin)) {
$response->header('Access-Control-Allow-Origin', $origin);
$response->header('Access-Control-Allow-Headers', 'Origin, Content-Type, Cookie, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN');
$response->header('Access-Control-Expose-Headers', 'Authorization, authenticated');
$response->header('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, OPTIONS');
$response->header('Access-Control-Allow-Credentials', 'true');
}
return $response;
}
}
在 app/Http/Kernal.php
文件中将其注册为全局中间件
namespace AppHttp;
use AppHttpMiddlewareAuthenticateMain;
use AppHttpMiddlewareAuthenticateSeller;
use AppHttpMiddlewareAuthenticateUser;
use IlluminateFoundationHttpKernel as HttpKernel;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array
*/
protected $middleware = [
AppHttpMiddlewareCheckForMaintenanceMode::class,
IlluminateFoundationHttpMiddlewareValidatePostSize::class,
AppHttpMiddlewareTrimStrings::class,
IlluminateFoundationHttpMiddlewareConvertEmptyStringsToNull::class,
AppHttpMiddlewareTrustProxies::class,
AppHttpMiddlewareEnableCrossRequestMiddleware::class, // 添加这一行将其注册为全局中间件
];
}
增加配置文件app/config/origin.php
,内容为允许的域名
<?php
return [
'allowed' => [
'http://test.example.com',
'http://test-fe.example.com:8080'
]
];
PS - 个人博客原文:Laravel 5.7 No 'Access-Control-Allow-Origin' header is present on the request resource