转载 laravel5.5 cors has been blocked by CORS policy: Request header field x-csrf-token is not all...

转载地址：laravel5.5 cors has been blocked by CORS policy: Request header field x-csrf-token is not allowed by

分析

Access-Control-Allow-Headers 首部字段用于预检请求的响应。其指明了实际请求中允许携带的首部字段。
Access-Control-Allow-Headers: [, ]*
CorsMiddleware中设置x-csrf-token到预检header允许传递的字段
观察了下项目B的预检请求 x-requested-with也是需要传递的字段，所以一起添加了

header('Access-Control-Allow-Origin', 'https://learn.carsonlius.vip')
            ->header('Access-Control-Allow-Methods', 'GET,POST,PUT,OPTIONS,PATCH,DELETE,HEAD')
            ->header('Access-Control-Allow-Headers', 'x-csrf-token,x-requested-with');
    }
}
————————————————
版权声明：本文为CSDN博主「cominglately」的原创文章，遵循 CC 4.0 BY-SA 版权协议，转载请附上原文出处链接及本声明。
原文链接：https://blog.csdn.net/cominglately/article/details/87552679

版权声明：本文为CSDN博主「cominglately」的原创文章，遵循 CC 4.0 BY-SA 版权协议，转载请附上原文出处链接及本声明。
原文链接：https://blog.csdn.net/cominglately/article/details/87552679