//指定允許其他域名訪問 Access-Control-Allow-Origin:http://172.20.0.206 //一般用法(*,指定域,動態設置;動態設置時須先以白名單核對請求的 Origin,通過后才回傳該值,不可原樣反射)
//是否允許后續請求攜帶認證信息(cookies),該值只能是true,否則不返回 Access-Control-Allow-Credentials:true
//預檢結果緩存時間 Access-Control-Max-Age: 1800
//允許的請求類型 Access-Control-Allow-Methods:GET,POST,PUT,POST
//允許的請求頭字段 Access-Control-Allow-Headers:x-requested-with,content-type
配置動態跨域
Nginx
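#PHP-INFO-START
# Trust only http(s) origins whose host is a subdomain of domain.com.
# The host part is limited to hostname characters, so an arbitrary string that
# merely ends in ".domain.com" is no longer accepted (the previous "(.*?)"
# prefix matched anything). Origins with an explicit port are still not matched.
if ($http_origin ~* "^https?://([a-z0-9-]+\.)+domain\.com$") {
    set $cors_origin $http_origin;
}
# Answer CORS preflight requests directly, without passing them to PHP.
if ($request_method = 'OPTIONS') {
    add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
    # $cors_origin stays empty when the Origin did not match above; nginx is
    # expected to skip an add_header whose value is empty, so untrusted origins
    # get no Access-Control-Allow-Origin and the browser blocks the request.
    add_header Access-Control-Allow-Origin $cors_origin;
    add_header Access-Control-Allow-Credentials true;
    add_header Access-Control-Allow-Headers 'Content-Type,X-Requested-With';
    # The response depends on the Origin header, so caches must key on it.
    add_header Vary Origin;
    return 204;
}
#PHP-INFO-END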
PHP
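// Reflect the request Origin (and allow credentials) only for http(s) origins
// whose host is a subdomain of domain.com.
// A substring test is not sufficient for this decision: it also accepts hosts
// that merely contain ".domain.com" somewhere, e.g. "x.domain.com.other.example",
// and the reflected value is paired with Access-Control-Allow-Credentials.
$origin = isset($_SERVER['HTTP_ORIGIN']) ? (string) $_SERVER['HTTP_ORIGIN'] : '';
$originParts = $origin !== '' ? parse_url($origin) : false;
$trustedSuffix = '.domain.com';

if (is_array($originParts) && isset($originParts['scheme'], $originParts['host'])) {
    $originHost = strtolower($originParts['host']);
    // Rebuild scheme://host[:port] and require it to equal the header exactly,
    // so values carrying userinfo, a path or a query string are rejected.
    $canonicalOrigin = $originParts['scheme'] . '://' . $originParts['host']
        . (isset($originParts['port']) ? ':' . $originParts['port'] : '');

    $schemeAllowed = in_array(strtolower($originParts['scheme']), ['http', 'https'], true);
    $hostAllowed = substr($originHost, -strlen($trustedSuffix)) === $trustedSuffix;

    if ($schemeAllowed && $hostAllowed && $canonicalOrigin === $origin) {
        header('Access-Control-Allow-Origin:' . $origin);
        header('Access-Control-Allow-Credentials:true');
        // The response now varies with the Origin header; tell caches so.
        header('Vary: Origin');
    }
}
header('Access-Control-Allow-Methods:GET, POST, OPTIONS');
header('Access-Control-Allow-Headers:Content-Type,Origin,X-Requested-With');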
Axios
Access-Control-Allow-Origin為 * 時不允許攜帶 Cookie (可通過動態設置域名配置允許跨域的域名) axios.defaults.withCredentials = true //需后台配置Access-Control-Allow-Credentials:true //若允許跨域的域名設置為 * 則不允許攜帶cookie此處須設置為 false
ThinkPHP6中間件模式(多應用)
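<?php

namespace app\api\middleware;

use Closure;
use think\Config;
use think\Response;

/**
 * Adds CORS response headers to every response of the application.
 *
 * The request Origin is echoed back only when its host equals the host
 * configured under 'Access-Control-Allow-Origin'. Every other request gets
 * the wildcard "*" and never receives Access-Control-Allow-Credentials, so a
 * page on an arbitrary site cannot read responses made with the user's cookies.
 */
class AllowOriginMiddleware
{
    protected $header = [
        // Host that may receive a reflected (non-wildcard) Allow-Origin value
        'Access-Control-Allow-Origin' => 'test.domain.com',
        // How long the browser may cache the preflight result, in seconds
        'Access-Control-Max-Age' => 86400,
        // Allowed request methods
        'Access-Control-Allow-Methods' => 'GET,POST,OPTIONS',
        // Allowed request header fields
        'Access-Control-Allow-Headers' => 'Authorization, Content-Type, Origin',
        // Allow cookies. The header value must be the literal text "true";
        // it is only sent to the trusted origin (see handle()).
        //'Access-Control-Allow-Credentials' => 'true',
    ];

    /**
     * Run the next handler and attach the CORS headers to its response.
     *
     * @param mixed      $request request object exposing header($name)
     * @param Closure    $next    next handler in the middleware chain
     * @param array|null $header  extra headers merged over the defaults
     *
     * @return mixed the response returned by $next, with the headers applied
     */
    public function handle($request, Closure $next, ?array $header = [])
    {
        $header = !empty($header) ? array_merge($this->header, $header) : $this->header;

        $origin = (string) $request->header('origin');
        $trustedHost = strtolower((string) $header['Access-Control-Allow-Origin']);

        if ($origin !== '' && $this->originHost($origin) === $trustedHost) {
            $header['Access-Control-Allow-Origin'] = $origin;
        } else {
            // Unknown or missing origin: keep the API readable without
            // credentials, but never pair it with Allow-Credentials.
            $header['Access-Control-Allow-Origin'] = '*';
            unset($header['Access-Control-Allow-Credentials']);
        }
        // The headers depend on the request Origin, so caches must key on it.
        $header['Vary'] = 'Origin';

        return $next($request)->header($header);
    }

    /**
     * Return the lower-cased host of a well-formed http(s) origin, or null.
     *
     * The value must be exactly scheme://host[:port]; anything carrying
     * userinfo, a path or a query string is treated as malformed.
     */
    private function originHost(string $origin): ?string
    {
        $parts = parse_url($origin);
        if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
            return null;
        }
        if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            return null;
        }
        $canonical = $parts['scheme'] . '://' . $parts['host']
            . (isset($parts['port']) ? ':' . $parts['port'] : '');

        return $canonical === $origin ? strtolower($parts['host']) : null;
    }
}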
在對應應用 middleware 中引用中間件
// Middleware list for this application; every entry runs on each request.
return [
    \app\api\middleware\AllowOriginMiddleware::class,
];
