From b0d25b30f9ffea8fbc4920aaa18d0ffaf30fc998 Mon Sep 17 00:00:00 2001
From: zhenhui <1276357500@qq.com>
Date: Sat, 21 Mar 2026 14:08:09 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B5=8B=E8=AF=95=E5=88=86=E6=94=AF-=E9=83=A8?= =?UTF-8?q?=E7=BD=B2-=E4=BC=98=E5=8C=96=E8=B7=A8=E5=9F=9F=E6=8A=A5?= =?UTF-8?q?=E9=94=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/process/Http.php | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/app/process/Http.php b/app/process/Http.php
index 2228154..c2f1f0d 100644
--- a/app/process/Http.php
+++ b/app/process/Http.php
@@ -3,12 +3,12 @@
 namespace app\process;
 use Webman\App;
+use Webman\Http\Response;
 class Http extends App
 {
 /**
 * 在父类处理前拦截 OPTIONS 预检,直接返回 CORS 头(避免预检未命中路由时无 CORS)
- * 与 AllowCrossDomain::optionsResponse 一致,避免 * + Allow-Credentials 组合被浏览器拒绝
 */
 public function onMessage($connection, $request): void
 {
@@ -18,8 +18,19 @@ class Http extends App
 $path = is_string($path) ? trim($path, '/') : '';
 $isApiOrAdmin = $path !== '' && (str_starts_with($path, 'api') || str_starts_with($path, 'admin'));
 if ($isApiOrAdmin) {
- $response = \app\common\middleware\AllowCrossDomain::optionsResponse($request);
- $connection->send($response);
+ $origin = $request->header('origin');
+ $origin = is_array($origin) ? ($origin[0] ?? '') : (is_string($origin) ? trim($origin) : '');
+ if ($origin === '') {
+ $origin = '*';
+ }
+ $headers = [
+ 'Access-Control-Allow-Origin' => $origin,
+ 'Access-Control-Allow-Credentials' => 'true',
+ 'Access-Control-Max-Age' => '1800',
+ 'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
+ 'Access-Control-Allow-Headers' => 'Content-Type, Authorization, batoken, ba-user-token, think-lang',
+ ];
+ $connection->send(new Response(204, $headers, ''));
 return;
 }
 }
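Review bot: The preflight branch in the second hunk copies whatever `Origin` the request carries into `Access-Control-Allow-Origin` and sends `Access-Control-Allow-Credentials: true` with it, so a preflight from any site to an `api`/`admin` path is approved for credentialed requests; the origin should be checked against an allowlist of trusted front-ends before it is echoed. The `'*'` fallback for a missing Origin is paired with credentials, which is the combination browsers reject and which the docblock line removed in the first hunk warned about. Because the response now differs per origin, it should also carry `Vary: Origin` so a shared cache does not serve one origin's headers to another. Whether non-preflight responses apply the same policy depends on the AllowCrossDomain middleware, which is not visible here, and onMessage's body starts and ends outside the hunk.

```php
// … unchanged: $origin read from the request header and normalised to a string …
// Placeholder key: load the allowlist from wherever the project keeps its trusted front-end origins.
$allowedOrigins = (array) config('PLACEHOLDER.cors_allowed_origins', []);
if ($origin === '' || !in_array($origin, $allowedOrigins, true)) {
    // Unknown or missing origin: answer without CORS headers so the browser blocks the cross-origin call.
    $connection->send(new Response(204, [], ''));
    return;
}
$headers = [
    'Access-Control-Allow-Origin' => $origin,
    'Access-Control-Allow-Credentials' => 'true',
    'Vary' => 'Origin',
    // … unchanged: Max-Age, Allow-Methods, Allow-Headers …
];
// … unchanged: send the 204 response and return …
```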