The most convenient method is to create a middleware and add the middleware to the global middleware. All requests are filtered by the middleware.
php artisan make:middleware CrossHttp
Then the following code is added to the handle method in the middleware \ app \ HTTP \ middleware \ crosshttp. php:
public function handle($request, Closure $next) { $response = $next($request); $response->header(‘Access-Control-Allow-Origin‘, ‘*‘); $response->header(‘Access-Control-Allow-Headers‘, ‘Origin, Content-Type, Cookie, Accept‘); $response->header(‘Access-Control-Allow-Methods‘, ‘GET, POST, PATCH, PUT, OPTIONS‘); // $response->header(‘Access-Control-Allow-Credentials‘, ‘true‘); return $response; }
Note the following:
- For requests that require cross-origin access along with authentication information, you must specify withcredentials as true in the XMLHttpRequest instance.
- You can build this middleware based on your own needs. If you need to add authentication information (including cookie and session) in the request, you need to specify access-control-allow-credentials to true, because if you do not specify the Response Header for the pre-request, the browser will ignore the response directly.
- When the value of access-control-allow-credentials is set to true in the response, the value of access-control-allow-origin cannot be set, I just adjusted it for a long time here)
- The post-middleware will be appended with the response header only when the response is normal. If an exception occurs, the response will not go through the middleware.
This means that all domains are allowed to access this interface. However, the session and cookie cannot be passed at this time. If you want to specify a domain name for access, write as follows:
$response->header(‘Access-Control-Allow-Origin‘, ‘http://mytest.com‘);
This means that only the http://mytest.com is allowed to access this interface.
The middleware has not been established yet. We need to add it to \ app \ HTTP \ kernel. php, otherwise it will not take effect. At this time, we have a choice, add it to the global or routegroup? This depends on your application. If your application is completely interface and cross-origin, add the name to global. As shown in:
If you want to use a number of interfaces that require cross-origin, write them to the following routemiddle.
Then, add the middleware alias to the route. Original article: https://blog.csdn.net/zhezhebie/article/details/78068009
Method 2:
Scenario
When laravel is used as a backend API, cross-origin issues occur during front-end Ajax requests.
Solution
Laravel5.5 barryvdh/laravel-CORS is easy to use
Composer require barryvdh/laravel-CORS
Add APP/HTTP/kernel. php
Protected $ middleware = [\ barryvdh \ CORS \ handlecors: Class];
At this time, Ajax access will be free of cross-origin issues.
---------------------
Original: 80381567
Laravel Interface Cross-Origin