TP6 middleware enables cross-domain token

0x01

Enable the built-in middleware in the ./app/middleware.php file:

\think\middleware\AllowCrossDomain::class
<?php
// Global middleware definition file
return [
    // Global request cache
    // \think\middleware\CheckRequestCache::class,
    // Multi-language loading
    // \think\middleware\LoadLangPack::class,
    // Session initialization
    // \think\middleware\SessionInit::class,
    // Register middleware
    // \app\middleware\Check::class,
    // Cross-domain
    \think\middleware\AllowCrossDomain::class,
];

0x02

Cross-domain requests deserve a note. If you use the official TP6 cross-domain request middleware,
use think\middleware\AllowCrossDomain;
then you may need to open the following file
vendor/topthink/framework/src/think/middleware/AllowCrossDomain.php
and add your request header name to the parameters shown below.

For example, if your token request header is named XXX-TOKEN, that name has to be added to the list. With a header named Token, change
'Access-Control-Allow-Headers' => 'Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With',
to
'Access-Control-Allow-Headers' => 'Token, Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With',

protected $header = [
        'Access-Control-Allow-Credentials' => 'true',
        'Access-Control-Max-Age'           => 1800,
        'Access-Control-Allow-Methods'     => 'GET, POST, PATCH, PUT, DELETE, OPTIONS',
        'Access-Control-Allow-Headers'     => 'Token,Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With',
];


The official explanation of Access-Control-Allow-Headers is: "It shows that in addition to the request headers listed in the CORS security list, CORS requests to the server also support a custom header named X-Custom-Header".


This means that when the request is not sent directly and its request headers carry a Token that is outside the allowed header list, the request is judged to be a failed cross-domain request. A cross-domain error is therefore not always the fault of the AllowCrossDomain middleware.
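
The header check described above can be modelled in a few lines. This is an added example, not code from the original post or from ThinkPHP: a simplified model of the browser's preflight header check, in which the function names and the sample request are assumptions made for illustration.

```javascript
// Added example: simplified model of the browser's preflight header check.
const SAFELISTED = new Set(['accept', 'accept-language', 'content-language']);
const SAFE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
]);

// Header names the browser has to announce in Access-Control-Request-Headers.
function unsafeHeaderNames(requestHeaders) {
  const names = [];
  for (const [name, value] of Object.entries(requestHeaders)) {
    const lower = name.toLowerCase();
    if (SAFELISTED.has(lower)) continue;
    if (lower === 'content-type') {
      const mime = String(value).split(';')[0].trim().toLowerCase();
      if (SAFE_CONTENT_TYPES.has(mime)) continue;
    }
    names.push(lower);
  }
  return names.sort();
}

// Header names the server's Access-Control-Allow-Headers value does not cover.
function blockedHeaders(requestHeaders, allowHeaders, withCredentials) {
  const allowed = new Set(
    allowHeaders.split(',').map((h) => h.trim().toLowerCase()).filter(Boolean)
  );
  // "*" is a wildcard only without credentials and never covers Authorization.
  const wildcard = allowed.has('*') && !withCredentials;
  return unsafeHeaderNames(requestHeaders).filter((name) => {
    if (allowed.has(name)) return false;
    return !(wildcard && name !== 'authorization');
  });
}

// Header lists as they appear on this page (before and after adding Token).
const ORIGINAL = 'Authorization, Content-Type, If-Match, If-Modified-Since, ' +
  'If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With';
const PATCHED = 'Token,' + ORIGINAL;

// Constructed sample request: JSON body plus the custom Token header.
const sample = { 'Content-Type': 'application/json', Token: 'constructed-value' };
console.log(blockedHeaders(sample, ORIGINAL, true)); // [ 'token' ]
console.log(blockedHeaders(sample, PATCHED, true));  // []
console.log(blockedHeaders(sample, '*', true));      // [ 'content-type', 'token' ]
```

Because the middleware sends Access-Control-Allow-Credentials: true, a `*` value for Access-Control-Allow-Headers is not treated as a wildcard for credentialed requests, so the custom header has to be listed by name.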

Origin blog.csdn.net/qq_43929048/article/details/123705143