我正在构建一个使用vuejs和lumen作为api的应用程序,
我的vejs应用程序在尝试验证
时抛出错误XMLHttpRequest无法加载http://api.dev/auth/login。请求报头字段Content-Type在pre - flight响应中不被Access-Control-Allow-Headers允许。
我有一些中间件来处理错误
class cors {
/**
* @var array
*/
protected $settings = [
'maxAge' => 0,
'origin' => '*',
'allowMethods' => '*',
'exposeHeaders' => '*',
'allowedHeaders' => '*'
];
public function handle(ServerRequestInterface $request, Closure $next)
{
//handle preflight request
if ('OPTIONS' == $request->getMethod()) {
$response = new 'Illuminate'Http'Response('',"204");
$this->setOrigin($request, $response);
$this->setAllowHeaders($request,$response);
return $response;
}
}
/**
* @param ServerRequestInterface $request
* @param ResponseInterface $response
*/
protected function setOrigin(ServerRequestInterface $request,$response)
{
$origin = $this->settings['origin'];
if (is_callable($origin)) {
$origin = call_user_func($origin,$response->withAddedHeader('Origin',$origin));
}
$response->headers->set('Access-Control-Allow-Origin', $origin);
}
/**
* @param ServerRequestInterface $request
* @param ResponseInterface $response
*/
protected function setAllowHeaders(ServerRequestInterface $request,$response)
{
if (isset($this->settings['allowedHeaders'])) {
$allowedHeaders = $this->settings['allowedHeaders'];
if (is_array($allowedHeaders)) {
$allowedHeaders = implode(", ", $allowedHeaders);
}
}
else {
$allowedHeaders = $request->hasHeader("Access-Control-Request-Headers");
}
if (isset($allowedHeaders)) {
$response->headers->set('Access-Control-Allow-Headers', $allowedHeaders);
}
}
}
在chrome浏览器我的响应头显示
Access-Control-Allow-Headers:*
Access-Control-Allow-Origin:*
Cache-Control:no-cache
Content-Type:text/html; charset=UTF-8
Date:Mon, 10 Oct 2016 16:10:52 GMT
Server:Caddy
Status:204 No Content
X-Powered-By:PHP/7.0.10
如果我设置了通配符Access-Control-Allow-Headers为什么它不接受header?
根据这个问题的答案,Access-Control-Allow-Headers的通配符是相对较新的(2016年5月),所以它可能不会被大多数浏览器广泛采用。
你可能应该定义你想在preflight请求中允许的标题。