From 179d67cb0e6a0a2520631610b4b22f1f0f39ba23 Mon Sep 17 00:00:00 2001 From: zhenhui <1276357500@qq.com> Date: Mon, 30 Mar 2026 14:00:38 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=B7=A8=E5=9F=9F=E6=8A=A5?= =?UTF-8?q?=E9=94=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/process/Http.php | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/app/process/Http.php b/app/process/Http.php index c2f1f0d..10a5b93 100644 --- a/app/process/Http.php +++ b/app/process/Http.php @@ -3,12 +3,12 @@ namespace app\process; use Webman\App; -use Webman\Http\Response; class Http extends App { /** * 在父类处理前拦截 OPTIONS 预检,直接返回 CORS 头(避免预检未命中路由时无 CORS) + * 必须与 AllowCrossDomain::optionsResponse 一致,否则会覆盖中间件里对 Allow-Headers(如 server)的配置 */ public function onMessage($connection, $request): void { @@ -18,19 +18,8 @@ class Http extends App $path = is_string($path) ? trim($path, '/') : ''; $isApiOrAdmin = $path !== '' && (str_starts_with($path, 'api') || str_starts_with($path, 'admin')); if ($isApiOrAdmin) { - $origin = $request->header('origin'); - $origin = is_array($origin) ? ($origin[0] ?? '') : (is_string($origin) ? trim($origin) : ''); - if ($origin === '') { - $origin = '*'; - } - $headers = [ - 'Access-Control-Allow-Origin' => $origin, - 'Access-Control-Allow-Credentials' => 'true', - 'Access-Control-Max-Age' => '1800', - 'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS', - 'Access-Control-Allow-Headers' => 'Content-Type, Authorization, batoken, ba-user-token, think-lang', - ]; - $connection->send(new Response(204, $headers, '')); + $response = \app\common\middleware\AllowCrossDomain::optionsResponse($request); + $connection->send($response); return; } }