laravel8 优雅解决跨域

转载已于 2022-10-10 23:31:42 修改 · 1.8k 阅读

0 ·

CC 4.0 BY-SA版权

原文链接：https://github.com/fruitcake/laravel-cors

文章标签：

#laravel

于 2022-07-24 17:02:17 首次发布

php 专栏收录该内容

5 篇文章

订阅专栏

这篇博客介绍了如何在Laravel8中移除老版本的跨域解决方案，并提供了详细步骤来下载和安装Fruitcake/laravel-cors的最新版。首先，通过Composer移除旧的barryvdh/laravel-cors包，然后安装并引入Fruitcake/laravel-cors。接着，在app/Http/Kernal.php中添加HandleCors中间件，并在config/cors.php配置允许跨域的路径。这样可以确保应用支持最新的跨域策略。

移除laravel8可能的老版本跨域解决方案，下载最新版

在配置文件app/Http/Kernal.php中引入

在config/cors.php文件中设置允许跨域的路径

老版本

运行composer update 更新

在配置文件app/Http/Kernal.php中引入

在config文件夹下添加cors.php文件

原文链接：GitHub - fruitcake/laravel-cors: Adds CORS (Cross-Origin Resource Sharing) headers support in your Laravel application

移除laravel8可能的老版本跨域解决方案，下载最新版

composer remove barryvdh/laravel-cors fruitcake/laravel-cors
composer require fruitcake/laravel-cors

第一条命令会执行的相对慢一点，大概4分钟吧，第二条命令执行起来就很快了

在配置文件app/Http/Kernal.php中引入

protected $middleware = [
  \Fruitcake\Cors\HandleCors::class,
    // ...
];

在config/cors.php文件中设置允许跨域的路径

 'paths' => ['api/*', 'sanctum/csrf-cookie'],

老版本

在composer.json中直接写入fruitcake/laravel-cors的版本

    "require": {
        "php": "^7.1.3",
        "fideloper/proxy": "^4.0",
        "laravel/framework": "5.6.*",
        "laravel/tinker": "^1.0",
        "fruitcake/laravel-cors": "^1.0"
    },

运行composer update 更新

在配置文件app/Http/Kernal.php中引入

protected $middleware = [
  \Fruitcake\Cors\HandleCors::class,
    // ...
];

在config文件夹下添加cors.php文件,paths字段设置允许跨域的路径

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Laravel CORS Options
    |--------------------------------------------------------------------------
    |
    | The allowed_methods and allowed_headers options are case-insensitive.
    |
    | You don't need to provide both allowed_origins and allowed_origins_patterns.
    | If one of the strings passed matches, it is considered a valid origin.
    |
    | If array('*') is provided to allowed_methods, allowed_origins or allowed_headers
    | all methods / origins / headers are allowed.
    |
    */

    /*
     * You can enable CORS for 1 or multiple paths.
     * Example: ['api/*']
     */
    'paths' => ['*'],

    /*
    * Matches the request method. `[*]` allows all methods.
    */
    'allowed_methods' => ['*'],

    /*
     * Matches the request origin. `[*]` allows all origins.
     */
    'allowed_origins' => ['*'],

    /*
     * Matches the request origin with, similar to `Request::is()`
     */
    'allowed_origins_patterns' => [],

    /*
     * Sets the Access-Control-Allow-Headers response header. `[*]` allows all headers.
     */
    'allowed_headers' => ['*'],

    /*
     * Sets the Access-Control-Expose-Headers response header.
     */
    'exposed_headers' => false,

    /*
     * Sets the Access-Control-Max-Age response header.
     */
    'max_age' => false,

    /*
     * Sets the Access-Control-Allow-Credentials header.
     */
    'supports_credentials' => false,
];