1.CORS.PHP
当 Access-Control-Allow-Origin 的值为 * 时,浏览器不允许跨域请求携带 Cookie(凭据),所以这里通过配置文件列出允许跨域的具体域名(白名单)。
1.在config/app.php 中配置容许跨域的域名
<?php
return [
    /*
     * Host names accepted by the CORS behavior shown on this page.
     * Entries are bare hosts (no scheme, port or path): the behavior
     * extracts the host from the request's Referer/Origin header and
     * looks it up in this list with in_array().
     */
    'cors_host' => [
        'zhuke.card.nmgjoin.com',
        'zhuke-wap.card.nmgjoin.com',
    ],
];
2.在 application/tags.php 文件中指定行为处理
<?php
/*
 * Application behavior (hook) definition file.
 */
return [
    // Behaviors listed here are registered for the 'app_init' hook
    // (application initialisation).
    'app_init' => [
        'app\\common\\behavior\\CORS',
    ],
];
3.在application/common/behavior/CORS.php 实现跨域逻辑
<?php
namespace app\common\behavior;
use think\facade\Config;
use think\Request;
use think\Response;
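class CORS
{
    /**
     * Emit CORS response headers when the calling page's host is on the
     * `cors_host` allow-list, and answer preflight (OPTIONS) requests.
     *
     * The caller is identified from the Origin header, falling back to
     * Referer when Origin is absent. Only the scheme, host and port of that
     * value are echoed back; nothing is sent for callers that are not listed.
     *
     * @param Request $request current request (not read here; superglobals are used)
     * @param mixed   $params  behavior parameters (unused)
     */
    public function run(Request $request, $params)
    {
        // Allow-list of bare host names; a missing or malformed config entry
        // means no cross-origin caller is trusted.
        $cors_host = Config::get('cors_host');
        if (!is_array($cors_host) || $cors_host === []) {
            return;
        }

        // The allow-origin value differs per caller, so shared caches must not
        // reuse one caller's response for another. `false` keeps any Vary
        // header that was already set.
        header('Vary: Origin', false);

        // Origin is the value the browser compares Access-Control-Allow-Origin
        // against, so it is preferred; Referer is only a fallback because it
        // can be missing or trimmed by the page's referrer policy.
        $source = '';
        if (!empty($_SERVER['HTTP_ORIGIN'])) {
            $source = $_SERVER['HTTP_ORIGIN'];
        } elseif (!empty($_SERVER['HTTP_REFERER'])) {
            $source = $_SERVER['HTTP_REFERER'];
        }
        if ($source === '') {
            return;
        }

        // parse_url() returns false on seriously malformed input.
        $parts = parse_url($source);
        if (!is_array($parts)) {
            return;
        }
        $source_host = $parts['host'] ?? '';
        $source_scheme = strtolower($parts['scheme'] ?? '');

        // Strict comparison: the host must be one of the configured strings.
        if ($source_host === '' || !in_array($source_host, $cors_host, true)) {
            return;
        }
        // A web origin is http or https; never echo any other scheme.
        // NOTE(review): plain http is still accepted for a listed host. With
        // Access-Control-Allow-Credentials that trusts pages delivered over an
        // unencrypted connection; limit this to https if every front-end is
        // served over HTTPS.
        if (!in_array($source_scheme, ['http', 'https'], true)) {
            return;
        }

        // Keep a non-default port: the browser's origin comparison includes it.
        $origin = $source_scheme . '://' . $source_host;
        if (isset($parts['port'])) {
            $origin .= ':' . $parts['port'];
        }

        header('Access-Control-Allow-Origin: ' . $origin);
        // HTTP methods the API accepts from cross-origin callers.
        header('Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE');
        header("Access-Control-Allow-Credentials:true");
        header("Access-Control-Allow-Headers:DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding, x-token");

        if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
            // Preflight: reply with an empty 200.
            // NOTE(review): nothing here stops the request after send(), so
            // the framework presumably continues dispatching it; confirm that
            // is intended, or end the request at this point.
            Response::create()
                ->contentType("application/json")
                ->code(200)
                ->send();
        }
    }
}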
5.0 老版本写法
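// ThinkPHP 5.0 variant: allow credentialed cross-origin requests only from
// pages whose Referer host is on the `cors_host` allow-list.
$cors_host = config('cors_host');
$refer = $_SERVER['HTTP_REFERER'] ?? '';

// parse_url() returns false on seriously malformed input.
$refer_parts = parse_url($refer);
if (!is_array($refer_parts)) {
    $refer_parts = [];
}
$refer_host = $refer_parts['host'] ?? '';
$refer_scheme = strtolower($refer_parts['scheme'] ?? '');

if (
    $refer_host !== ''
    && is_array($cors_host)
    && in_array($refer_host, $cors_host, true)
    && in_array($refer_scheme, ['http', 'https'], true)
) {
    // Echo only scheme://host[:port]. A Referer may carry a path and query,
    // and a value with a path is not an origin, so the browser would reject it.
    $refer_origin = $refer_scheme . '://' . $refer_host;
    if (isset($refer_parts['port'])) {
        $refer_origin .= ':' . $refer_parts['port'];
    }
    header('Access-Control-Allow-Origin: ' . $refer_origin);
    // The allow-origin value differs per caller, so shared caches must not
    // reuse one caller's response for another.
    header('Vary: Origin', false);
    header("Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding, x-token");
    header("Access-Control-Allow-Credentials: true");
    // On credentialed requests "*" is read as a literal method name, not a
    // wildcard, so the accepted methods are listed explicitly.
    header('Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, DELETE');
    if (request()->isOptions()) {
        // Preflight needs only the headers above; stop before any controller runs.
        exit();
    }
}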
2.CORSALL.PHP
如果你的业务不依赖 Cookie 等凭据,且需要对所有来源放行跨域,请参考下面的写法(注意:浏览器不接受 Access-Control-Allow-Origin: * 与携带凭据的请求同时使用)
<?php
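namespace app\common\behavior;
use think\Request;
class CORSALL
{
    /**
     * Allow cross-origin requests from every origin (no allow-list).
     *
     * Intended for APIs that do not rely on cookies or other browser
     * credentials. Access-Control-Allow-Credentials is deliberately not sent:
     * browsers refuse a credentialed request when the allowed origin is "*",
     * so the header would only suggest a protection that does not exist.
     * Any site can read these responses, so nothing here may depend on the
     * caller's ambient authority.
     *
     * @param Request $request current request (not read here)
     * @param mixed   $params  behavior parameters (unused)
     */
    public function run(Request $request, $params)
    {
        header('Access-Control-Allow-Origin: *');
        header("Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type, Accept-Language, Origin, Accept-Encoding, x-token");
        // "*" is honoured as a wildcard here only because no credentials are involved.
        header('Access-Control-Allow-Methods: *');
        if (request()->isOptions()) {
            // Preflight needs only the headers above; stop before any controller runs.
            exit();
        }
    }
}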