在生产服务器上使用 Laravel 7 时出现 CORS 策略错误

Question

我在 Laravel 7 上遇到错误

Access to XMLHttpRequest at 'https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/lmvworker.min.js' from origin 'https://my.site.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://127.0.0.1:8000' that is not equal to the supplied origin.

它在本地主机上运行，​​但是当我在生产服务器上运行时出现错误。

我不明白为什么在生产服务器上将“Access-Control-Allow-Origin”标头设置为“http://127.0.0.1:8000”。

这是我的 config/cors.php（我也试过 'paths' => ['*']）

'paths' => [],

'allowed_methods' => ['*'],

'allowed_origins' => ['*'],

'allowed_origins_patterns' => [],

'allowed_headers' => ['*'],

'exposed_headers' => false,

'max_age' => false,

'supports_credentials' => false,

Http/Kernel.php

protected $middleware = [
    \Fruitcake\Cors\HandleCors::class,
    \App\Http\Middleware\CheckForMaintenanceMode::class,
    \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
    \App\Http\Middleware\TrimStrings::class,
    \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
    \App\Http\Middleware\TrustProxies::class,
    \App\Http\Middleware\SetLocale::class
];

config/app.php

'providers' => [

    /*
     * Laravel Framework Service Providers...
     */
    Illuminate\Auth\AuthServiceProvider::class,
    Illuminate\Broadcasting\BroadcastServiceProvider::class,
    ...
    ...
    Fruitcake\Cors\CorsServiceProvider::class
],

Answer 1

注意：对于 allowed_origins ，您必须在不使用通配符时包含该方案，例如。 ['http://example.com', 'https://example.com']。您还必须考虑到使用 allowed_origins_patterns 时会出现该方案。

参考：https://github.com/fruitcake/laravel-cors#options