Lumen API CORS Ajax 405 Method Not Allowed

后端 未结 3 1977
忘了有多久
忘了有多久 2021-01-16 13:42

I have an api on Laravel Lumen, we test via Postman and Ruby Rest Client and all go very well, but we create a simple Auth Login that response a web token, all works fine bu

3条回答
  •  心在旅途
    2021-01-16 14:39

    Before sending the original request, React sends a request of Http method Options which checks if cross-domain requests are accepted at the API server?

    Below is the approach I followed:

    Add wildcard route of method option

    Route::options(
        '/{any:.*}', 
        [
            'middleware' => ['CorsMiddleware'], 
            function (){ 
                return response(['status' => 'success']); 
            }
        ]
    );
    

    CorsMiddleware is the middleware used to handle the requests.

     '*',    // Wide Open!
            'allowMethods' => 'GET,HEAD,PUT,POST,DELETE,PATCH,OPTIONS',
        );
    
        protected function setOrigin($req, $rsp) {
            $origin = $this->settings['origin'];
            if (is_callable($origin)) {
                // Call origin callback with request origin
                $origin = call_user_func($origin,
                            $req->header("Origin")
                        );
            }
            $rsp->header('Access-Control-Allow-Origin', $origin);
        }
    
        protected function setExposeHeaders($req, $rsp) {
            if (isset($this->settings['exposeHeaders'])) {
                $exposeHeaders = $this->settings['exposeHeaders'];
                if (is_array($exposeHeaders)) {
                    $exposeHeaders = implode(", ", $exposeHeaders);
                }
    
                $rsp->header('Access-Control-Expose-Headers', $exposeHeaders);
            }
        }
    
        protected function setMaxAge($req, $rsp) {
            if (isset($this->settings['maxAge'])) {
                $rsp->header('Access-Control-Max-Age', $this->settings['maxAge']);
            }
        }
    
        protected function setAllowCredentials($req, $rsp) {
            if (isset($this->settings['allowCredentials']) && $this->settings['allowCredentials'] === True) {
                $rsp->header('Access-Control-Allow-Credentials', 'true');
            }
        }
    
        protected function setAllowMethods($req, $rsp) {
            if (isset($this->settings['allowMethods'])) {
                $allowMethods = $this->settings['allowMethods'];
                if (is_array($allowMethods)) {
                    $allowMethods = implode(", ", $allowMethods);
                }
    
                $rsp->header('Access-Control-Allow-Methods', $allowMethods);
            }
        }
    
        protected function setAllowHeaders($req, $rsp) {
            if (isset($this->settings['allowHeaders'])) {
                $allowHeaders = $this->settings['allowHeaders'];
                if (is_array($allowHeaders)) {
                    $allowHeaders = implode(", ", $allowHeaders);
                }
            }
            else {  // Otherwise, use request headers
                $allowHeaders = $req->header("Access-Control-Request-Headers");
            }
            if (isset($allowHeaders)) {
                $rsp->header('Access-Control-Allow-Headers', $allowHeaders);
            }
        }
    
        protected function setCorsHeaders($req, $rsp) {
            // http://www.html5rocks.com/static/images/cors_server_flowchart.png
            // Pre-flight
            if ($req->isMethod('OPTIONS')) {
                $this->setOrigin($req, $rsp);
                $this->setMaxAge($req, $rsp);
                $this->setAllowCredentials($req, $rsp);
                $this->setAllowMethods($req, $rsp);
                $this->setAllowHeaders($req, $rsp);
            }
            else {
                $this->setOrigin($req, $rsp);
                $this->setExposeHeaders($req, $rsp);
                $this->setAllowCredentials($req, $rsp);
            }
        }
        /**
         * Handle an incoming request.
         *
         * @param  \Illuminate\Http\Request  $request
         * @param  \Closure  $next
         * @return mixed
         */
        public function handle($request, Closure $next) {
            if ($request->isMethod('OPTIONS')) {
                $response = new Response("", 200);
            }
            else {
                $response = $next($request);
            }
            $this->setCorsHeaders($request, $response);
            return $response;
        }
    }
    

    Load middleware $app->routeMiddleware section of bootstrap/app.php

    Keep all application URLs in the group checking the CorsMiddleware

    Route::group(['middleware' => 'CorsMiddleware'], function($router){
        $app->post('/auth/login', function() {
            return response()->json([
                'message' => 'CORS OPTIONS Accepted.',
            ]);
        });
    }
    

提交回复
热议问题