Laravel 5.1 API启用Cors

我使用的是Laravel 5.4，不幸的是，尽管接受的答案似乎很好，但对于预检请求（如PUT和DELETE），该OPTIONS请求将在请求之前，在$routeMiddleware数组中指定中间件（并在路由定义文件中使用），除非您也定义一个路由处理程序OPTIONS。这是因为如果没有OPTIONS路由，Laravel将在内部响应该方法而没有CORS标头。简而言之，要么在$middleware数组中定义针对所有请求全局运行的中间件，要么在其中进行操作，$middlewareGroups或者$routeMiddleware为定义路由处理程序OPTIONS。可以这样完成：Route::match(['options', 'put'], '/route', function () {    // This will work with the middleware shown in the accepted answer})->middleware('cors');我还出于相同的目的编写了一个中间件，该中间件看起来很相似，但是由于试图更好地配置和处理一系列条件，因此其尺寸更大：<?phpnamespace App\Http\Middleware;use Closure;class Cors{    private static $allowedOriginsWhitelist = [      'http://localhost:8000'    ];    // All the headers must be a string    private static $allowedOrigin = '*';    private static $allowedMethods = 'OPTIONS, GET, POST, PUT, PATCH, DELETE';    private static $allowCredentials = 'true';    private static $allowedHeaders = '';    /**     * Handle an incoming request.     *     * @param  \Illuminate\Http\Request  $request     * @param  \Closure  $next     * @return mixed     */    public function handle($request, Closure $next)    {      if (! $this->isCorsRequest($request))      {        return $next($request);      }      static::$allowedOrigin = $this->resolveAllowedOrigin($request);      static::$allowedHeaders = $this->resolveAllowedHeaders($request);      $headers = [        'Access-Control-Allow-Origin'       => static::$allowedOrigin,        'Access-Control-Allow-Methods'      => static::$allowedMethods,        'Access-Control-Allow-Headers'      => static::$allowedHeaders,        'Access-Control-Allow-Credentials'  => static::$allowCredentials,      ];      // For preflighted requests      if ($request->getMethod() === 'OPTIONS')      {        return response('', 200)->withHeaders($headers);      }      $response = $next($request)->withHeaders($headers);      return $response;    }    /**     * Incoming request is a CORS request if the Origin     * header is set and Origin !== Host     *     * @param  \Illuminate\Http\Request  $request     */    private function isCorsRequest($request)    {      $requestHasOrigin = $request->headers->has('Origin');      if ($requestHasOrigin)      {        $origin = $request->headers->get('Origin');        $host = $request->getSchemeAndHttpHost();        if ($origin !== $host)        {          return true;        }      }      return false;    }    /**     * Dynamic resolution of allowed origin since we can't     * pass multiple domains to the header. The appropriate     * domain is set in the Access-Control-Allow-Origin header     * only if it is present in the whitelist.     *     * @param  \Illuminate\Http\Request  $request     */    private function resolveAllowedOrigin($request)    {      $allowedOrigin = static::$allowedOrigin;      // If origin is in our $allowedOriginsWhitelist      // then we send that in Access-Control-Allow-Origin      $origin = $request->headers->get('Origin');      if (in_array($origin, static::$allowedOriginsWhitelist))      {        $allowedOrigin = $origin;      }      return $allowedOrigin;    }    /**     * Take the incoming client request headers     * and return. Will be used to pass in Access-Control-Allow-Headers     *     * @param  \Illuminate\Http\Request  $request     */    private function resolveAllowedHeaders($request)    {      $allowedHeaders = $request->headers->get('Access-Control-Request-Headers');      return $allowedHeaders;    }}

Laravel 5.1 API启用Cors

3回答