在
This question之后,我设置了我的休息控制器行为
public function behaviors()
{
$behaviors = parent::behaviors();
$auth= $behaviors['authenticator'] = [
'class' => HttpBearerAuth::className(),'only' => ['dashboard'],];
$behaviors['contentNegotiator'] = [
'class' => ContentNegotiator::className(),'formats' => [
'application/json' => Response::FORMAT_JSON,],];
$acces=$behaviors['access'] = [
'class' => AccessControl::className(),'only' => ['login'],'rules' => [
[
'actions' => ['login'],'allow' => true,'roles' => ['?'],];
unset($behaviors['authenticator']);
unset($behaviors['access']);
而现在的cors过滤器
// add CORS filter
$behaviors['corsFilter'] = [
'class' => \yii\filters\Cors::className(),'cors' => [
// restrict access to
'Access-Control-Allow-Origin' => ['*'],'Access-Control-Request-Method' => ['GET','POST','PUT','PATCH','DELETE','HEAD','OPTIONS'],// Allow only POST and PUT methods
'Access-Control-Request-Headers' => ['*'],// Allow only headers 'X-Wsse'
'Access-Control-Allow-Credentials' => true,// Allow OPTIONS caching
'Access-Control-Max-Age' => 86400,// Allow the X-Pagination-Current-Page header to be exposed to the browser.
'Access-Control-Expose-Headers' => [],]
];
// re-add authentication filter
$behaviors['authenticator'] = $auth;
$behaviors['access'] = $access;
// avoid authentication on CORS-pre-flight requests (HTTP OPTIONS method)
$behaviors['authenticator']['except'] = ['options'];
return $behaviors;
}
我的角度2前端as
const body = JSON.stringify(user);
let headers = new Headers();
headers.append('Content-Type','application/x-www-form-urlencoded');
headers.append('Content-Type','application/json');
headers.append('Access-Control-Allow-Credentials',"*");
return this._http.post(this.loginUrl,body,{ headers:headers })
.map((response: Response) => {
//process response
})
.catch(this.handleError);
但我仍然收到错误
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
尝试这个 :
原文链接:https://www.f2er.com/php/131510.htmlpublic static function allowedDomains()
{
return [
// '*',// star allows all domains
'http://localhost:3000','http://test2.example.com',];
}
public function behaviors()
{
return array_merge(parent::behaviors(),[
// For cross-domain AJAX request
'corsFilter' => [
'class' => \yii\filters\Cors::className(),'cors' => [
// restrict access to domains:
'Origin' => static::allowedDomains(),'Access-Control-Request-Method' => ['POST'],'Access-Control-Allow-Credentials' => true,'Access-Control-Max-Age' => 3600,// Cache (seconds)
],]);
}
