转载 laravel5.5 cors has been blocked by CORS policy: Request header field x-csrf-token is not all...

转载地址:laravel5.5 cors has been blocked by CORS policy: Request header field x-csrf-token is not allowed by

分析

Access-Control-Allow-Headers 首部字段用于预检请求的响应。其指明了实际请求中允许携带的首部字段。
Access-Control-Allow-Headers: [, ]*
CorsMiddleware中设置x-csrf-token到预检header允许传递的字段
观察了下项目B的预检请求 x-requested-with也是需要传递的字段,所以一起添加了

header('Access-Control-Allow-Origin', 'https://learn.carsonlius.vip')
            ->header('Access-Control-Allow-Methods', 'GET,POST,PUT,OPTIONS,PATCH,DELETE,HEAD')
            ->header('Access-Control-Allow-Headers', 'x-csrf-token,x-requested-with');
    }
}
————————————————
版权声明:本文为CSDN博主「cominglately」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/cominglately/article/details/87552679

版权声明:本文为CSDN博主「cominglately」的原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/cominglately/article/details/87552679

你可能感兴趣的:(转载 laravel5.5 cors has been blocked by CORS policy: Request header field x-csrf-token is not all...)