在
This question之后,我设置了我的休息控制器行为
public function behaviors() { $behaviors = parent::behaviors(); $auth= $behaviors['authenticator'] = [ 'class' => HttpBearerAuth::className(),'only' => ['dashboard'],]; $behaviors['contentNegotiator'] = [ 'class' => ContentNegotiator::className(),'formats' => [ 'application/json' => Response::FORMAT_JSON,],]; $acces=$behaviors['access'] = [ 'class' => AccessControl::className(),'only' => ['login'],'rules' => [ [ 'actions' => ['login'],'allow' => true,'roles' => ['?'],]; unset($behaviors['authenticator']); unset($behaviors['access']);
而现在的cors过滤器
// add CORS filter $behaviors['corsFilter'] = [ 'class' => \yii\filters\Cors::className(),'cors' => [ // restrict access to 'Access-Control-Allow-Origin' => ['*'],'Access-Control-Request-Method' => ['GET','POST','PUT','PATCH','DELETE','HEAD','OPTIONS'],// Allow only POST and PUT methods 'Access-Control-Request-Headers' => ['*'],// Allow only headers 'X-Wsse' 'Access-Control-Allow-Credentials' => true,// Allow OPTIONS caching 'Access-Control-Max-Age' => 86400,// Allow the X-Pagination-Current-Page header to be exposed to the browser. 'Access-Control-Expose-Headers' => [],] ]; // re-add authentication filter $behaviors['authenticator'] = $auth; $behaviors['access'] = $access; // avoid authentication on CORS-pre-flight requests (HTTP OPTIONS method) $behaviors['authenticator']['except'] = ['options']; return $behaviors; }
我的角度2前端as
const body = JSON.stringify(user); let headers = new Headers(); headers.append('Content-Type','application/x-www-form-urlencoded'); headers.append('Content-Type','application/json'); headers.append('Access-Control-Allow-Credentials',"*"); return this._http.post(this.loginUrl,body,{ headers:headers }) .map((response: Response) => { //process response }) .catch(this.handleError);
但我仍然收到错误
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
尝试这个 :
public static function allowedDomains() { return [ // '*',// star allows all domains 'http://localhost:3000','http://test2.example.com',]; } public function behaviors() { return array_merge(parent::behaviors(),[ // For cross-domain AJAX request 'corsFilter' => [ 'class' => \yii\filters\Cors::className(),'cors' => [ // restrict access to domains: 'Origin' => static::allowedDomains(),'Access-Control-Request-Method' => ['POST'],'Access-Control-Allow-Credentials' => true,'Access-Control-Max-Age' => 3600,// Cache (seconds) ],]); }