Merge branch 'develop' of https://e.coding.net/g-xtcy5189/cunkebao/cunkebao_v3 into develop
This commit is contained in:
wong
@@ -6,34 +6,21 @@ use think\Controller;
|
||||
use think\facade\Env;
|
||||
use app\common\service\AuthService;
|
||||
|
||||
class BaseController extends Controller {
|
||||
|
||||
|
||||
class BaseController extends Controller
|
||||
{
|
||||
/**
|
||||
* 令牌
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $token = '';
|
||||
|
||||
protected $baseUrl;
|
||||
|
||||
protected $authorization = '';
|
||||
|
||||
public function __construct() {
|
||||
public function __construct()
|
||||
{
|
||||
parent::__construct();
|
||||
$this->baseUrl = Env::get('api.wechat_url');
|
||||
// 允许跨域
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Methods: *');
|
||||
header('Access-Control-Allow-Headers: *');
|
||||
|
||||
$this->authorization = AuthService::getSystemAuthorization();
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -14,46 +14,46 @@ class AllowCrossDomain
|
||||
*/
|
||||
public function handle($request, \Closure $next)
|
||||
{
|
||||
// 获取当前请求的域名
|
||||
$origin = $request->header('origin');
|
||||
|
||||
// 当请求使用 credentials 模式时,不能使用通配符
|
||||
// 必须指定具体的域名或提取请求中的 Origin
|
||||
$allowOrigin = '*';
|
||||
if ($origin) {
|
||||
// 如果需要限制特定域名,可以在这里判断
|
||||
// 以下是允许的域名列表,如果请求来自这些域名之一,则允许跨域
|
||||
$allowDomains = [ /* */ ];
|
||||
|
||||
// 如果请求来源在允许列表中,直接使用该源
|
||||
if (in_array($origin, $allowDomains)) {
|
||||
$allowOrigin = $origin;
|
||||
}
|
||||
}
|
||||
|
||||
// 设置允许的请求头信息
|
||||
$allowHeaders = [
|
||||
'Authorization', 'Content-Type', 'If-Match', 'If-Modified-Since',
|
||||
'If-None-Match', 'If-Unmodified-Since', 'X-Requested-With',
|
||||
'X-Token', 'X-Api-Token', 'Accept', 'Origin'
|
||||
];
|
||||
|
||||
$response = $next($request);
|
||||
|
||||
// 添加跨域响应头
|
||||
$response->header([
|
||||
'Access-Control-Allow-Origin' => $allowOrigin,
|
||||
'Access-Control-Allow-Headers' => implode(', ', $allowHeaders),
|
||||
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
|
||||
'Access-Control-Allow-Credentials' => 'true',
|
||||
'Access-Control-Max-Age' => '86400',
|
||||
]);
|
||||
|
||||
// 对于预检请求,直接返回成功响应
|
||||
if ($request->method(true) == 'OPTIONS') {
|
||||
return response()->code(200);
|
||||
}
|
||||
|
||||
return $response;
|
||||
// // 获取当前请求的域名
|
||||
// $origin = $request->header('origin');
|
||||
//
|
||||
// // 当请求使用 credentials 模式时,不能使用通配符
|
||||
// // 必须指定具体的域名或提取请求中的 Origin
|
||||
// $allowOrigin = '*';
|
||||
// if ($origin) {
|
||||
// // 如果需要限制特定域名,可以在这里判断
|
||||
// // 以下是允许的域名列表,如果请求来自这些域名之一,则允许跨域
|
||||
// $allowDomains = [ /* */ ];
|
||||
//
|
||||
// // 如果请求来源在允许列表中,直接使用该源
|
||||
// if (in_array($origin, $allowDomains)) {
|
||||
// $allowOrigin = $origin;
|
||||
// }
|
||||
// }
|
||||
//
|
||||
// // 设置允许的请求头信息
|
||||
// $allowHeaders = [
|
||||
// 'Authorization', 'Content-Type', 'If-Match', 'If-Modified-Since',
|
||||
// 'If-None-Match', 'If-Unmodified-Since', 'X-Requested-With',
|
||||
// 'X-Token', 'X-Api-Token', 'Accept', 'Origin'
|
||||
// ];
|
||||
//
|
||||
// $response = $next($request);
|
||||
//
|
||||
// // 添加跨域响应头
|
||||
// $response->header([
|
||||
// 'Access-Control-Allow-Origin' => $allowOrigin,
|
||||
// 'Access-Control-Allow-Headers' => implode(', ', $allowHeaders),
|
||||
// 'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
|
||||
// 'Access-Control-Allow-Credentials' => 'true',
|
||||
// 'Access-Control-Max-Age' => '86400',
|
||||
// ]);
|
||||
//
|
||||
// // 对于预检请求,直接返回成功响应
|
||||
// if ($request->method(true) == 'OPTIONS') {
|
||||
// return response()->code(200);
|
||||
// }
|
||||
//
|
||||
// return $response;
|
||||
}
|
||||
}
|
||||
@@ -27,4 +27,6 @@ return [
|
||||
'httponly' => '',
|
||||
// 是否使用 setcookie
|
||||
'setcookie' => true,
|
||||
// 跨站需要
|
||||
'samesite' => 'None',
|
||||
];
|
||||
|
||||
@@ -14,12 +14,10 @@ namespace think;
|
||||
|
||||
////处理跨域预检请求
|
||||
if($_SERVER['REQUEST_METHOD'] == 'OPTIONS'){
|
||||
//允许的源域名
|
||||
header("Access-Control-Allow-Origin: *");
|
||||
//允许的请求头信息
|
||||
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization");
|
||||
//允许的请求类型
|
||||
header('Access-Control-Allow-Methods: GET, POST, PUT,DELETE,OPTIONS,PATCH');
|
||||
header("Access-Control-Allow-Origin: " . (isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '*'));
|
||||
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Cookie");
|
||||
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH');
|
||||
header("Access-Control-Allow-Credentials: true");
|
||||
exit;
|
||||
}
|
||||
|
||||
@@ -32,4 +30,4 @@ require __DIR__ . '/../thinkphp/base.php';
|
||||
// 支持事先使用静态方法设置Request对象和Config对象
|
||||
|
||||
// 执行应用并响应
|
||||
Container::get('app')->run()->send();
|
||||
Container::get('app')->run()->send();
|
||||
@@ -12,9 +12,9 @@
|
||||
use think\facade\Route;
|
||||
|
||||
// 允许跨域
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Origin: ' . (isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '*'));
|
||||
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, PATCH');
|
||||
header('Access-Control-Allow-Headers: Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-Requested-With, X-Token, X-Api-Token');
|
||||
header('Access-Control-Allow-Headers: Cookie, Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-Requested-With, X-Token, X-Api-Token');
|
||||
header('Access-Control-Max-Age: 1728000');
|
||||
header('Access-Control-Allow-Credentials: true');
|
||||
|
||||
|
||||
Reference in New Issue
Block a user