diego-rlima/laravel-cors

此包已弃用且不再维护。未建议替代包。

用于向Laravel应用程序添加CORS(跨源资源共享)头部的简单包。

维护者

详情

github.com/diego-rlima/laravel-cors

来源

问题

安装: 34

依赖者: 0

建议者: 0

安全: 0

星标: 0

关注者: 1

分支: 0

开放问题: 0

v1.0.1 2019-03-08 13:20 UTC

Requires

MIT d8f28cb49f3c59640f77678e6d21dce613bebb86

  • Diego R. Lima <contact.woop@diegoribeiro.net>

This package is auto-updated.

Last update: 2024-08-09 02:20:23 UTC

README

用于向Laravel应用程序添加CORS(跨源资源共享)头部的简单包。

要求

此包需要 Laravel 5.5 或更高版本PHP 7.0.0 或更高版本

安装

$ composer require diego-rlima/laravel-cors

全局使用

要允许所有路由使用CORS,请将 CorsMiddleware 添加到 app/Http/Kernel.php 类的 $middleware 属性中

protected $middleware = [
    // ...
    \DRL\LaravelCors\CorsMiddleware::class,
];

中间件组

您还可以在特定的中间件组中允许CORS。只需将 CorsMiddleware 添加到您的组中

protected $middlewareGroups = [
    'web' => [
       // ...
    ],

    'api' => [
        // ...
        \DRL\LaravelCors\CorsMiddleware::class,
    ],
];

配置

默认值在 config/cors.php 中设置。将此文件复制到您的配置目录以修改设置。

使用以下命令发布配置

$ php artisan vendor:publish --provider="DRL\LaravelCors\CorsServiceProvider"

注意:如果您显式地白名单了头部,您必须包含 Origin,否则请求将无法被识别为CORS。

return [

    /*
    |----------------------------------------------------------------------
    | Access-Control-Allow-Origin
    |----------------------------------------------------------------------
    |
    | This response header specifies the method or methods allowed when
    | accessing the resource in response to a preflight request.
    |
    */

    'allow_origins' => [
        '*',
    ],

    /*
    |----------------------------------------------------------------------
    | Access-Control-Allow-Methods
    |----------------------------------------------------------------------
    |
    | This response header specifies the method or methods allowed when
    | accessing the resource in response to a preflight request.
    |
    */

    'allow_methods' => [
        'POST',
        'GET',
        'OPTIONS',
        'PATCH',
        'PUT',
        'DELETE',
    ],

    /*
    |----------------------------------------------------------------------
    | Access-Control-Allow-Headers
    |----------------------------------------------------------------------
    |
    | This response header is used in response to a preflight request to
    | indicate which HTTP headers can be used during the actual request.
    |
    */

    'allow_headers' => [
        'Content-Type',
        'X-Auth-Token',
        'Origin',
        'Authorization',
    ],

    /*
    |----------------------------------------------------------------------
    | Access-Control-Expose-Headers
    |----------------------------------------------------------------------
    |
    | This response header indicates which headers can be exposed as part
    | of the response by listing their names.
    |
    */

    'expose_headers' => [
        'Cache-Control',
        'Content-Language',
        'Content-Type',
        'Expires',
        'Last-Modified',
        'Pragma',
    ],

    /*
    |----------------------------------------------------------------------
    | Access-Control-Max-Age
    |----------------------------------------------------------------------
    |
    | This response header indicates how long the results of a preflight
    | request can be cached.
    |
    */

    'max_age' => 60 * 60 * 24,
]

allow_originsallow_methodsallow_headersexpose_headers 的值可以设置为 array('*') 以接受任何值。

许可

在MIT许可证下发布,请参阅 LICENSE