CORS是什麼?
CORS(Cross-Origin Resource Sharing)簡單來說就是跨網站資源存取,出於安全性必須要在伺服端加入 header 這樣 javascript 的請求才不會被封鎖
PHP 寫法
<?php header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS'); header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept'); // code here
Laravel 寫法
建立中間件
$ php artisan make:middleware Cors
Cors.php
<?php namespace AppHttpMiddleware; use Closure; class Cors { /** * Handle an incoming request. * * @param IlluminateHttpRequest $request * @param Closure $next * @return mixed */ public function handle($request, Closure $next) { return $next($request) ->header('Access-Control-Allow-Origin' , '*') ->header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE') ->header('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With'); } }
到Kernel.php註冊
protected $routeMiddleware = [ 'auth' => AppHttpMiddlewareAuthenticate::class, 'auth.basic' => IlluminateAuthMiddlewareAuthenticateWithBasicAuth::class, 'can' => IlluminateFoundationHttpMiddlewareAuthorize::class, 'guest' => AppHttpMiddlewareRedirectIfAuthenticated::class, 'throttle' => IlluminateRoutingMiddlewareThrottleRequests::class, 'cors' => AppHttpMiddlewareCors::class, // <<< add this line ];
在路由中像一般middleware使用
//api Route::group(['prefix' => 'api', 'middleware' => 'cors'],function(){ }
關鍵字
No 'Access-Control-Allow-Origin' header is present on the requested resource
laravel CORS header
PHP CORS header
參考
http://en.vedovelli.com.br/2015/web-development/Laravel-5-1-enable-CORS/