Copyright: the voice of experience, I do not know whether the change package spicy bar, and the other, please indicate the source. https://blog.csdn.net/zhezhebie/article/details/90693220
When the front and rear end interactive experience cross-domain problem, I use a front-end direct postman code inside the code, and then being given, because I allow the back end of the first header which does not contain a cache-control and postman-token , it will explode the following errors:
element.style {
}
user agent stylesheet
body {
display: block;
margin: 8px;
}
index.html:1 Access to XMLHttpRequest at 'http://xxx:88/api/xx/index' from origin 'http://test.com' has been blocked by CORS policy: Request header field cache-control is not allowed by Access-Control-Allow-Headers in preflight response.
Front-end test code:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Document</title>
</head>
<body>
<h1>123124</h1>
</body>
<script src="https://cdn.bootcss.com/jquery/3.4.1/jquery.min.js"></script>
<script>
var form = new FormData();
form.append("email", "[email protected]");
form.append("password", "password");
var settings = {
"async": true,
"crossDomain": true,
"url": "http://xxx/api/product/index",
"method": "GET",
"headers": {#就是这里导致上面的错误
"Cache-Control": "no-cache",
"Postman-Token": "6a627352-c28b-4853-b59a-1f6f753e66e6"
},
"processData": false,
"contentType": false,
"mimeType": "multipart/form-data",
"data": form
}
$.ajax(settings).done(function (response) {
console.log(response);
});
</script>
</html>
There are two solutions:
1. The front end of which a request to remove the headers and the inside cache-control postman-token
1. Inside the rear end of middleware which allows cache-control headers and postman-token
<?php
namespace App\Http\Middleware;
use Closure;
class CrossHttp {
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next) {
$response = $next($request);
$response->header('Access-Control-Allow-Origin', '*');
$response->header('Access-Control-Allow-Headers', 'Origin, Content-Type, cache-control,postman-token,Cookie, Accept');#注意这里
$response->header('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, OPTIONS');
// $response->header('Access-Control-Allow-Credentials', 'true');
return $response;
}
}
Again requests can be.