|
|
@@ -38,7 +38,7 @@ class EnableCrossRequestMiddleware
|
|
|
];
|
|
|
if (empty($allow_origin) || in_array($origin, $allow_origin)) {
|
|
|
//允许所有资源跨域
|
|
|
- /*$response->header('Access-Control-Allow-Origin', '*');
|
|
|
+ $response->header('Access-Control-Allow-Origin', '*');
|
|
|
// 允许通过的响应报头
|
|
|
$response->header('Access-Control-Allow-Headers', 'Origin, Content-Type, Cookie, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN');
|
|
|
// 允许axios获取响应头中的Authorization
|
|
|
@@ -48,7 +48,7 @@ class EnableCrossRequestMiddleware
|
|
|
//允许的请求方法
|
|
|
$response->header('Allow', 'GET, POST, PATCH, PUT, OPTIONS, delete');
|
|
|
// 运行客户端携带证书式访问
|
|
|
- $response->header('Access-Control-Allow-Credentials', 'true');*/
|
|
|
+ $response->header('Access-Control-Allow-Credentials', 'true');
|
|
|
}
|
|
|
return $response;
|
|
|
}
|
