1.解决前端跨域报错

2026-05-28 18:29:39 +08:00
parent 4343a3e08c
commit 2140b37dfd
1 changed files with 10 additions and 3 deletions
--- a/app/common/middleware/AllowCrossDomain.php
+++ b/app/common/middleware/AllowCrossDomain.php
@@ -14,11 +14,17 @@ use Webman\Http\Response;
 */
 class AllowCrossDomain implements MiddlewareInterface
 {
+    /**
+     * 允许跨域的自定义请求头（注意：携带 credentials 时，Allow-Headers 通配符在部分浏览器无效）
+     */
+    protected const ALLOW_HEADERS = 'Content-Type, Authorization, batoken, ba-user-token, user-token, access-token, auth-token, think-lang, lang, accept-language, x-requested-with, server';
+
    protected array $header = [
        'Access-Control-Allow-Credentials' => 'true',
        'Access-Control-Max-Age'           => '1800',
-        'Access-Control-Allow-Methods'     => '*',
-        'Access-Control-Allow-Headers'     => '*',
+        'Access-Control-Allow-Methods'     => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
+        'Access-Control-Allow-Headers'     => self::ALLOW_HEADERS,
+        'Vary'                             => 'Origin',
    ];

    /**
@@ -30,7 +36,8 @@ class AllowCrossDomain implements MiddlewareInterface
            'Access-Control-Allow-Credentials' => 'true',
            'Access-Control-Max-Age'            => '1800',
            'Access-Control-Allow-Methods'      => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
-            'Access-Control-Allow-Headers'      => 'Content-Type, Authorization, batoken, ba-user-token, user-token, access-token, think-lang, server',
+            'Access-Control-Allow-Headers'      => self::ALLOW_HEADERS,
+            'Vary'                              => 'Origin',
        ];
        $origin = $request->header('origin');
        if (is_array($origin)) {