28 lines
978 B
PHP
28 lines
978 B
PHP
<?php
|
||
|
||
namespace app\process;
|
||
|
||
use Webman\App;
|
||
|
||
class Http extends App
|
||
{
|
||
/**
|
||
* 在父类处理前拦截 OPTIONS 预检,直接返回 CORS 头(避免预检未命中路由时无 CORS)
|
||
* 与 AllowCrossDomain::optionsResponse 一致,避免 * + Allow-Credentials 组合被浏览器拒绝
|
||
*/
|
||
public function onMessage($connection, $request): void
|
||
{
|
||
$method = $request->method();
|
||
if (is_string($method) && strtoupper($method) === 'OPTIONS') {
|
||
$path = $request->path();
|
||
$path = is_string($path) ? trim($path, '/') : '';
|
||
$isApiOrAdmin = $path !== '' && (str_starts_with($path, 'api') || str_starts_with($path, 'admin'));
|
||
if ($isApiOrAdmin) {
|
||
$response = \app\common\middleware\AllowCrossDomain::optionsResponse($request);
|
||
$connection->send($response);
|
||
return;
|
||
}
|
||
}
|
||
parent::onMessage($connection, $request);
|
||
}
|
||
} |