Laravel 飞行前 CORS

Question

我对 Laravel CORS 有疑问。我已经使用以下配置文件安装了barryvdh/laravel-cors 捆绑包：

'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedOriginsPatterns' => [],
'allowedHeaders' => ['*'],
'allowedMethods' => ['PUT', 'GET', 'OPTIONS', 'POST', 'DELETE'],
'exposedHeaders' => [],
'maxAge' => 0,

我什至在我的 AppServiceProfider.php 文件中添加了以下几行

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Authorization,Content-Type,X-Requested-With,X-CSRF-TOKEN');
header('Access-Control-Allow-Methods: POST,GET,PUT,OPTIONS,DELETE');

我仍然无法在 Firefox 上发出 PUT 请求。我收到“Same Origin Policy”错误 - 在 CORS 标头“Access-Control-Allow-Methods”中找不到方法。

奇怪的是：如您所见，我将 Allow-Methods 标头设置为 POST,GET,PUT,OPTIONS,DELETE，但每个浏览器都说它设置为 *：

Access-Control-Allow-Headers: Authorization,Content-Type,X-Requested-With,X-CSRF-TOKEN
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin: *

更奇怪的是 - 当我在 Postman 中发出相同的请求时，标题看起来很好：

access-control-allow-headers →Authorization,Content-Type,X-Requested-With,XCSRF-TOKEN
access-control-allow-methods →POST,GET,PUT,OPTIONS,DELETE

怎么了？ laravel 处理 Pre-flight 请求是否不同？

Answer 1

我遇到了同样的问题，我通过将 .htaccess 文件中的标题设置为解决了它

<IfModule mod_rewrite.c>

   #...... other settings here

    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
    Header set Access-Control-Max-Age "1000"
    Header set Access-Control-Allow-Headers "access_token, x-requested-with, Content-Type, Accept-Encoding, Accept-Language, Cookie, Referer"
</IfModule>