如何在 Laravel 中使用 auth:api 护照中间件添加 CORS 中间件？

Question

我已将 Laravel Passport 用于经过身份验证的端点。我正面临这些 API 的 CORS 问题。

在 app/Http/Middleware/Cors.php 中

<?php

namespace App\Http\Middleware;

use Closure;

class Cors
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        return $next($request)
            ->header('Access-Control-Allow-Origin', "*")
                ->header('Access-Control-Allow-Methods', "PUT,POST,DELETE,GET,OPTIONS")
                ->header('Access-Control-Allow-Headers', "Accept,Authorization,Content-Type");
    }
}

在app/Http/Kernel.php中，添加到中间件数组中

\App\Http\Middleware\Cors::class,

在路由/api.php中，

Route::post('auth/login', 'PassportController@login'); //working 
Route::middleware('auth:api')->group(function () {
Route::get('vehicle/all', 'VehicleController@getVehicles'); //not working: facing CORS error
});

我已使用 auth:api (Laravel 护照) 进行授权。我面临 auth:api 组中端点的 CORS 错误。像“auth/login”这样的组外端点工作正常。 如何处理 Route::middleware('auth:api') 组内的 cors 错误？

Answer 1

您需要指定允许的域，通配符'*'不再被浏览器接受。

如果您有多个域调用您的 api，您可以使用 $_SERVER['HTTP_HOST'] 使其动态化

<?php

namespace App\Http\Middleware;

use Closure;

class Cors
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $domain = $request->getHost();
        // or $domain =  $_SERVER['HTTP_HOST'];
        return $next($request)
            ->header('Access-Control-Allow-Origin', $domain)
                ->header('Access-Control-Allow-Methods', "PUT,POST,DELETE,GET,OPTIONS")
                ->header('Access-Control-Allow-Headers', "Accept,Authorization,Content-Type");
    }
}