mojiahui/webman-buildadmin-mall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复跨域报错

Browse Source
This commit is contained in:
zhenhui
2026-03-30 12:45:48 +08:00
parent e4e5a5cae2
commit a0d114fbc4
1 changed files with 22 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
app/common/middleware/AllowCrossDomain.php
View File

@@ -21,6 +21,25 @@ class AllowCrossDomain implements MiddlewareInterface
'Access-Control-Allow-Headers' => '*', 'Access-Control-Allow-Headers' => '*',
]; ];
/**
* 读取预检请求中的 Access-Control-Request-Headers经 CDN/反代时 Request 可能取不到,补读 $_SERVER
*/
private static function accessControlRequestHeaders(Request $request): string
{
$reqHeaders = $request->header('access-control-request-headers', '');
if (is_array($reqHeaders)) {
$reqHeaders = $reqHeaders[0] ?? '';
}
if (is_string($reqHeaders) && trim($reqHeaders) !== '') {
return trim($reqHeaders);
}
$fromServer = $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] ?? '';
if (is_string($fromServer) && trim($fromServer) !== '') {
return trim($fromServer);
}
return '';
}
/** /**
* 返回 CORS 预检OPTIONS响应供路由直接调用Webman 未匹配路由时不走中间件) * 返回 CORS 预检OPTIONS响应供路由直接调用Webman 未匹配路由时不走中间件)
*/ */
@@ -30,7 +49,7 @@ class AllowCrossDomain implements MiddlewareInterface
'Access-Control-Allow-Credentials' => 'true', 'Access-Control-Allow-Credentials' => 'true',
'Access-Control-Max-Age' => '1800', 'Access-Control-Max-Age' => '1800',
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS', 'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
'Access-Control-Allow-Headers' => 'Content-Type, Authorization, batoken, ba-user-token, think-lang, lang', 'Access-Control-Allow-Headers' => 'Content-Type, Authorization, batoken, ba-user-token, think-lang, lang, server',
]; ];
$origin = $request->header('origin'); $origin = $request->header('origin');
if (is_array($origin)) { if (is_array($origin)) {
@@ -49,11 +68,8 @@ class AllowCrossDomain implements MiddlewareInterface
if ($allowed) { if ($allowed) {
$header['Access-Control-Allow-Origin'] = $origin; $header['Access-Control-Allow-Origin'] = $origin;
// 回显浏览器在预检中声明的请求头,避免白名单遗漏导致 CORS 失败 // 回显浏览器在预检中声明的请求头,避免白名单遗漏导致 CORS 失败
$reqHeaders = $request->header('access-control-request-headers', ''); $reqHeaders = self::accessControlRequestHeaders($request);
if (is_array($reqHeaders)) { if ($reqHeaders !== '') {
$reqHeaders = $reqHeaders[0] ?? '';
}
if (is_string($reqHeaders) && trim($reqHeaders) !== '') {
$header['Access-Control-Allow-Headers'] = $reqHeaders; $header['Access-Control-Allow-Headers'] = $reqHeaders;
} }
} }