laravel 5.1 restFul api 的访问控制来源

Question

我正在使用 Laravel 5.1 开发 RESTful API。我的端点在 Postman 上正常工作。但是当我将它与前端集成时，它就会出现错误。

XMLHttpRequest 无法加载 http://ideahubapi.dev/api/v1/users/register。
请求中不存在“Access-Control-Allow-Origin”标头 资源。
因此，Origin 'http://ideahubfront.dev' 是不允许的 访问。
响应的 HTTP 状态代码为 500。

我尝试了以下方法。

(1) 创建核心中间件。

 <?php

namespace App\Http\Middleware;

use Closure;

class Cors
{
    public function handle($request, Closure $next)
    {
        return $next($request)
            ->header('Access-Control-Allow-Origin', '*')
            ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
            ->header('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With');
    }
}

将其添加到 kernal.php

<?php

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    /**
     * The application's global HTTP middleware stack.
     *
     * @var array
     */
    protected $middleware = [
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \App\Http\Middleware\Cors::class,
    ];

    /**
     * The application's route middleware.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'web' => \App\Http\Middleware\VerifyCsrfToken::class,
        'cors' => \App\Http\Middleware\Cors::class,
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    ];
}

到 routes.php

Route::group(['middleware' => ['web', 'core'], 'prefix' => 'api/v1'], function(){

    // get single user by user id
    Route::get('getuserbyid/{user_id}', 'UserController@getSingleUserById');

    Route::post('users/register', 'UserController@register');

});

在那之后选项请求起作用了。但是发布请求仍然相同。

(2) 手动向控制器返回添加标题。像这样。

return response()->json([$user, $merchant], 200)
                ->header('Access-Control-Allow-Origin', '*')
                ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
                ->header('Access-Control-Allow-Headers', 'Cache-Control, Connection, Date, Server, Content-Type, User-Agent,  Accept, Referer, Authorization,Origin,  Accept-Encoding, Content-Length, Host, Connection,  X-Requested-With');

没有运气。伙计们请帮助我。我为此而死。我的客户希望看到注册。我被困在这上面了。

Answer 1

改变

Route::group(['middleware' => ['web', 'core']

到

Route::group(['middleware' => ['web', 'cors']

它不起作用，因为它与内核中的不匹配。

Answer 2

CORS 是你的诅咒名称，这里有一个解决方案：https://github.com/barryvdh/laravel-cors