转载地址:laravel5.5 cors has been blocked by CORS policy: Request header field x-csrf-token is not allowed by
分析
Access-Control-Allow-Headers 首部字段用于预检请求的响应。其指明了实际请求中允许携带的首部字段。
Access-Control-Allow-Headers: [, ]*
CorsMiddleware中设置x-csrf-token到预检header允许传递的字段
观察了下项目B的预检请求 x-requested-with也是需要传递的字段,所以一起添加了
<?php
namespace App\Http\Middleware;
use Closure;
class CorsMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
return $next($request)->header('Access-Control-Allow-Origin', 'https://learn.carsonlius.vip')
->header('Access-Control-Allow-Methods', 'GET,POST,PUT,OPTIONS,PATCH,DELETE,HEAD')
->header('Access-Control-Allow-Headers', 'x-csrf-token,x-requested-with');
}
}
————————————————
版权声明:本文为CSDN博主「cominglately」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/cominglately/article/details/87552679
版权声明:本文为CSDN博主「cominglately」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/cominglately/article/details/87552679
网友评论