Put the following code in the first line of the controller to solve
header('Access-Control-Allow-Origin: http://ding.taozugong.com'); header('Access-Control-Allow-Methods: POST, GET, DELETE, PUT, PATCH, OPTIONS'); header('Access-Control-Allow-Headers: token, Content-Type'); header('Access-Control-Allow-Credentials: true');