3 Commits

Author SHA1 Message Date
c4c17180ee 测试分支-部署-优化跨域报错 2026-03-21 11:56:21 +08:00
85da91e3f3 测试分支-部署-添加跨域 2026-03-21 11:50:00 +08:00
a0f14015ed 测试分支-部署 2026-03-21 11:30:08 +08:00
7 changed files with 73 additions and 59 deletions

4
.gitignore vendored

@@ -1,8 +1,8 @@
# 通过 Git 部署项目至线上时建议删除的忽略规则
/vendor
/modules
/public/*.lock
/public/index.html
#/public/*.lock
#/public/index.html
/public/assets
# 通过 Git 部署项目至线上时可以考虑删除的忽略规则


@@ -21,6 +21,46 @@ class AllowCrossDomain implements MiddlewareInterface
'Access-Control-Allow-Headers' => '*',
];
/**
* 根据 Origin 与配置写入 Access-Control-Allow-Origin。
* 注意:* 与 Access-Control-Allow-Credentials:true 不能同时出现,故通配时去掉 Credentials。
*/
private static function applyCorsOrigin(Request $request, array $header): array
{
$origin = $request->header('origin');
if (is_array($origin)) {
$origin = $origin[0] ?? '';
}
$origin = is_string($origin) ? trim($origin) : '';
$corsDomain = array_map('trim', explode(',', config('buildadmin.cors_request_domain', '')));
$corsDomain[] = $request->host(true);
$wildcard = in_array('*', $corsDomain);
if ($origin !== '') {
$info = parse_url($origin);
$host = '';
if (is_array($info)) {
$host = $info['host'] ?? '';
}
$allowed = $wildcard
|| in_array($origin, $corsDomain)
|| in_array($host, $corsDomain)
|| ($host === 'localhost' || $host === '127.0.0.1');
if ($allowed) {
$header['Access-Control-Allow-Origin'] = $origin;
}
return $header;
}
if ($wildcard) {
$header['Access-Control-Allow-Origin'] = '*';
unset($header['Access-Control-Allow-Credentials']);
}
return $header;
}
/**
* 返回 CORS 预检OPTIONS响应供路由直接调用Webman 未匹配路由时不走中间件)
*/
@@ -32,24 +72,7 @@ class AllowCrossDomain implements MiddlewareInterface
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
'Access-Control-Allow-Headers' => 'Content-Type, Authorization, batoken, ba-user-token, think-lang',
];
$origin = $request->header('origin');
if (is_array($origin)) {
$origin = $origin[0] ?? '';
}
$origin = is_string($origin) ? trim($origin) : '';
if ($origin !== '') {
$info = parse_url($origin);
$host = $info['host'] ?? '';
$corsDomain = array_map('trim', explode(',', config('buildadmin.cors_request_domain', '')));
$corsDomain[] = $request->host(true);
$allowed = in_array('*', $corsDomain)
|| in_array($origin, $corsDomain)
|| in_array($host, $corsDomain)
|| ($host === 'localhost' || $host === '127.0.0.1');
if ($allowed) {
$header['Access-Control-Allow-Origin'] = $origin;
}
}
$header = self::applyCorsOrigin($request, $header);
return response('', 204, $header);
}
@@ -60,29 +83,7 @@ class AllowCrossDomain implements MiddlewareInterface
return $handler($request);
}
$header = $this->header;
$origin = $request->header('origin');
if (is_array($origin)) {
$origin = $origin[0] ?? '';
}
$origin = is_string($origin) ? trim($origin) : '';
if ($origin !== '') {
$info = parse_url($origin);
$host = $info['host'] ?? '';
$corsDomain = array_map('trim', explode(',', config('buildadmin.cors_request_domain', '')));
$corsDomain[] = $request->host(true);
$allowed = in_array('*', $corsDomain)
|| in_array($origin, $corsDomain)
|| in_array($host, $corsDomain)
|| ($host === 'localhost' || $host === '127.0.0.1');
if ($allowed) {
$header['Access-Control-Allow-Origin'] = $origin;
}
}
$header = self::applyCorsOrigin($request, $this->header);
if ($request->method() === 'OPTIONS') {
return response('', 204, $header);
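Review bot: In `applyCorsOrigin`, the non-empty-`Origin` branch echoes the caller's origin into `Access-Control-Allow-Origin` whenever `$wildcard` is true, while `Access-Control-Allow-Credentials` is only unset in the empty-origin branch at the bottom, so the docblock's rule (no `*` together with credentials) holds only when no Origin header is sent. If the header arrays carry `Access-Control-Allow-Credentials: true` (the `unset` suggests they do), a `*` entry in `buildadmin.cors_request_domain` lets any site make credentialed cross-origin reads; the same helper now feeds `optionsResponse()`, the middleware path in the third hunk, and the preflight short-circuit in `app\process\Http::onMessage`. I would reflect the origin only on a match against a named entry, answer a wildcard-only match with a literal `*` and no credentials, send `Vary: Origin` when reflecting, and use strict `in_array`. The fence below leaves out the unconditional `localhost`/`127.0.0.1` allowance; if it is still needed, it belongs behind a development-only setting.

```php
// … unchanged: Origin normalisation, $corsDomain and $wildcard setup …
if ($origin !== '') {
    // … unchanged: parse_url() and $host extraction …
    // Entries that name a concrete origin or host; '*' and blanks never count as a match.
    $named = array_diff($corsDomain, ['*', '']);
    $listed = in_array($origin, $named, true) || in_array($host, $named, true);
    if ($listed) {
        // Only named origins get a reflected (and possibly credentialed) answer.
        $header['Access-Control-Allow-Origin'] = $origin;
        $header['Vary'] = 'Origin';
    } elseif ($wildcard) {
        // Wildcard-only match: literal *, never combined with credentials.
        $header['Access-Control-Allow-Origin'] = '*';
        unset($header['Access-Control-Allow-Credentials']);
    }
    return $header;
}
// … unchanged: empty-Origin wildcard branch and final return …
```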


@@ -3,12 +3,12 @@
namespace app\process;
use Webman\App;
use Webman\Http\Response;
class Http extends App
{
/**
* 在父类处理前拦截 OPTIONS 预检,直接返回 CORS 头(避免预检未命中路由时无 CORS
* 与 AllowCrossDomain::optionsResponse 一致,避免 * + Allow-Credentials 组合被浏览器拒绝
*/
public function onMessage($connection, $request): void
{
@@ -18,19 +18,8 @@ class Http extends App
$path = is_string($path) ? trim($path, '/') : '';
$isApiOrAdmin = $path !== '' && (str_starts_with($path, 'api') || str_starts_with($path, 'admin'));
if ($isApiOrAdmin) {
$origin = $request->header('origin');
$origin = is_array($origin) ? ($origin[0] ?? '') : (is_string($origin) ? trim($origin) : '');
if ($origin === '') {
$origin = '*';
}
$headers = [
'Access-Control-Allow-Origin' => $origin,
'Access-Control-Allow-Credentials' => 'true',
'Access-Control-Max-Age' => '1800',
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, PATCH, OPTIONS',
'Access-Control-Allow-Headers' => 'Content-Type, Authorization, batoken, ba-user-token, think-lang',
];
$connection->send(new Response(204, $headers, ''));
$response = \app\common\middleware\AllowCrossDomain::optionsResponse($request);
$connection->send($response);
return;
}
}
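Review bot: The replacement call spells out `\app\common\middleware\AllowCrossDomain::optionsResponse($request)` inline; a `use app\common\middleware\AllowCrossDomain;` next to the existing `use Webman\App;` and a short `AllowCrossDomain::optionsResponse($request)` would match how the file imports its other classes. The `use Webman\Http\Response;` line appears to be dropped in the first hunk, which is only safe if nothing else in the file still constructs a `Response`. The rest of `onMessage` lies outside the hunks, so that is worth a quick check.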


@@ -5,7 +5,7 @@
return [
// 允许跨域访问的域名(* 表示任意;开发可用 *,生产建议填具体域名)
'cors_request_domain' => '*',
'cors_request_domain' => '*,test.zhenhui666.top',
// 是否开启会员登录验证码
'user_login_captcha' => true,
// 是否开启管理员登录验证码
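Review bot: Keeping `*` in `cors_request_domain` makes the added `test.zhenhui666.top` entry redundant, because the wildcard already matches every origin, and the comment directly above recommends concrete domains outside development. Assuming the longer value is the new one, I would drop the wildcard: `'cors_request_domain' => 'test.zhenhui666.top',`. The allow-list check in `AllowCrossDomain` accepts either the full origin or the bare host, so a host-only entry admits both http and https origins; listing the full origin with its scheme is stricter if only HTTPS is intended.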

23
public/index.html Normal file

File diff suppressed because one or more lines are too long

1
public/install.lock Normal file

@@ -0,0 +1 @@
2026-03-18 11:17:18


@@ -8,4 +8,4 @@ VITE_BASE_PATH = '/'
VITE_OUT_DIR = 'dist'
# 线上环境接口地址 - 'getCurrentDomain:表示获取当前域名'
VITE_AXIOS_BASE_URL = 'getCurrentDomain'
VITE_AXIOS_BASE_URL = 'https://test-api.zhenhui666.top'
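Review bot: Hard-coding `https://test-api.zhenhui666.top` as `VITE_AXIOS_BASE_URL` ties every build made from this file to the test API, and a later merge could carry that into a production build. If this is the shared online-environment file, as the comment above the variable suggests, keep `getCurrentDomain` here and put the test host in a mode-specific env file or an uncommitted local override. The file name is not visible on this page, so this is inferred from the variable name and its comment.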