Laravel和CORS與barryvdh/laravel-cors

Question

我在Laravel的CORS有一個奇怪的問題，我一直在努力了一天。這是從我所看到關於laravel-CORS包像這樣的其他職位不同： Laravel angularJS CORS using barryvdh/laravel-cors

我設置根據說明我所做的封裝，唯一的其他除了Laravel是爲智威湯遜提供一攬子服務。

發生了什麼是CORS只在POST請求中工作。我可以使用POSTMAN來打我的驗證路線，一切看起來不錯，但只要我嘗試任何GET請求，就不會發送CORS頭文件。我嘗試將不同的控制器移動到我的「無保護」路線，以消除JWT干擾的可能性，但這不會改變任何事情。

這裏是我的routes.php文件：

<?php 

// unprotected routes 
Route::group(['prefix' => 'api/v1', 'middleware' => 'cors'], function() { 
    Route::post('authenticate', 'AuthenticateController@authenticate'); 
    Route::resource('trips', 'TripController'); // moved to unprotected to test CORS 
}); 

// protected routes 
Route::group(['prefix' => 'api/v1', 'middleware' => ['cors', 'jwt.auth']], function() { 
    Route::get('authenticate/user', 'AuthenticateController@getAuthenticatedUser'); 
    Route::resource('airports', 'AirportController'); 

}); 

而且我cors.php：

<?php 
return [ 
    /* 
    |-------------------------------------------------------------------------- 
    | Laravel CORS 
    |-------------------------------------------------------------------------- 
    | 
    | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*') 
    | to accept any value, the allowed methods however have to be explicitly listed. 
    | 
    */ 
    'supportsCredentials' => true, 
    'allowedOrigins' => ['*'], 
    'allowedHeaders' => ['*'], 
    'allowedMethods' => ['GET', 'POST', 'PUT', 'OPTIONS', 'DELETE'], 
    'exposedHeaders' => [], 
    'maxAge' => 0, 
    'hosts' => [], 
]; 

我的控制器之一：

<?php 

namespace App\Http\Controllers; 

use Illuminate\Http\Request; 
use JWTAuth; 
use Tymon\JWTAuth\Exceptions\JWTException; 

class AuthenticateController extends Controller 
{ 
    public function authenticate(Request $request) 
    { 
     $credentials = $request->only('email', 'password'); 

     try { 
      // verify the credentials and create a token for the user 
      if (!$token = JWTAuth::attempt($credentials)) { 
       return response()->json(['error' => 'invalid_credentials'], 401); 
      } 
     } catch (JWTException $e) { 
      // something went wrong 
      return response()->json(['error' => 'could_not_create_token'], 500); 
     } 

     // if no errors are encountered we can return a JWT 
     return response()->json(compact('token')); 
    } 

    public function getAuthenticatedUser() 
    { 
     try { 
      if (!$user = JWTAuth::parseToken()->authenticate()) { 
       return response()->json(['user_not_found'], 404); 
      } 
     } catch (Tymon\JWTAuth\Exceptions\TokenExpiredException $e) { 
      return response()->json(['token_expired'], $e->getStatusCode()); 
     } catch (Tymon\JWTAuth\Exceptions\TokenInvalidException $e) { 
      return response()->json(['token_invalid'], $e->getStatusCode()); 
     } catch (Tymon\JWTAuth\Exceptions\JWTException $e) { 
      return response()->json(['token_absent'], $e->getStatusCode()); 
     } 

     // the token is valid and we have found the user via the sub claim 
     return response()->json(compact('user')); 
    } 
} 

Answer 1

從CSRF排除您的路線組保護。 應用程序/ HTTP /中間件/ VerifyCsrfToken.php

class VerifyCsrfToken extends BaseVerifier 
{ 
    /** 
    * The URIs that should be excluded from CSRF verification. 
    * 
    * @var array 
    */ 
    protected $except = [ 
     'api/v1/*' 
    ]; 
} 

;）