From 2140b37dfd33cf6b539d52f07fe347d1ea028bb8 Mon Sep 17 00:00:00 2001
From: zhenhui <1276357500@qq.com>
Date: Thu, 28 May 2026 18:29:39 +0800
Subject: [PATCH] =?UTF-8?q?1.=E8=A7=A3=E5=86=B3=E5=89=8D=E7=AB=AF=E8=B7=A8?= =?UTF-8?q?=E5=9F=9F=E6=8A=A5=E9=94=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/common/middleware/AllowCrossDomain.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/app/common/middleware/AllowCrossDomain.php b/app/common/middleware/AllowCrossDomain.php
index deee08f..aff929c 100644
--- a/app/common/middleware/AllowCrossDomain.php
+++ b/app/common/middleware/AllowCrossDomain.php
@@ -14,11 +14,17 @@ use Webman\Http\Response;
 */
 class AllowCrossDomain implements MiddlewareInterface
 {
+ /**
+ * 允许跨域的自定义请求头(注意:携带 credentials 时,Allow-Headers 通配符在部分浏览器无效)
+ */
+ protected const ALLOW_HEADERS = 'Content-Type, Authorization, batoken, ba-user-token, user-token, access-token, auth-token, think-lang, lang, accept-language, x-requested-with, server';
+
 protected array $header = [
 'Access-Control-Allow-Credentials' => 'true',
 'Access-Control-Max-Age' => '1800',
- 'Access-Control-Allow-Methods' => '*',
- 'Access-Control-Allow-Headers' => '*',
+ 'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
+ 'Access-Control-Allow-Headers' => self::ALLOW_HEADERS,
+ 'Vary' => 'Origin',
 ];

 /**
@@ -30,7 +36,8 @@ class AllowCrossDomain implements MiddlewareInterface
 'Access-Control-Allow-Credentials' => 'true',
 'Access-Control-Max-Age' => '1800',
 'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
- 'Access-Control-Allow-Headers' => 'Content-Type, Authorization, batoken, ba-user-token, user-token, access-token, think-lang, server',
+ 'Access-Control-Allow-Headers' => self::ALLOW_HEADERS,
+ 'Vary' => 'Origin',
 ];
 $origin = $request->header('origin');
 if (is_array($origin)) {
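Review bot: The `$header` property in this hunk and the array literal in the second hunk (`@@ -30,7 +36,8 @@`) now hold the same five entries, so every future CORS change still has to be made in two places. Before this commit the two copies had already drifted apart (`'*'` in the property, an explicit list in the method), and sharing `ALLOW_HEADERS` removes the duplication for one key only. The method could start from `$this->header` instead of repeating the literal, which would leave the property as the single definition. The statement the second array belongs to begins outside the hunk, so its variable name is not visible here.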
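Review bot: `'Access-Control-Allow-Credentials' => 'true'` is kept next to `$origin = $request->header('origin');`, and the added `'Vary' => 'Origin'` suggests the response origin is derived from the request. The code that sets `Access-Control-Allow-Origin` lies past the end of the hunk, so this cannot be confirmed from here. If the request Origin is echoed back unchecked, any site can make cookie-authenticated requests and read the responses. The value should be matched against a configured allowlist before it is reflected, for example `if (!in_array($origin, $allowedOrigins, true)) { $origin = ''; }`, where `$allowedOrigins` is a placeholder for the project's own configuration. A short comment on that check stating that credentials are only ever paired with an allowlisted origin would also help the next reader.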