ホーム エクスプローラ ヘルプ
登録 サインイン
xmnk
/
course-site
2
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ブランチ: master
ブランチ タグ
course-site
/
app
/
Http
/
Middleware
/
CorsMiddleware.php

CorsMiddleware.php 3.9 KB
パーマリンク 履歴 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. <?php
    2. 

  2. 

  3. namespace App\Http\Middleware;
    4. 

  4. 

  5. use Closure;
    6. 

  6. 

  7. class  CorsMiddleware
    8. 

  8. {
    9. 

  9.     private $headers = [
    10. 

  10.         'Access-Control-Allow-Methods' => '*',
    11. 

  11.         'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With,DNT,X-Mx-ReqToken,ETag,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,language',
    12. 

  12.         'Access-Control-Allow-Credentials' => 'true',//允许客户端发送cookie
    13. 

  13.         'Access-Control-Max-Age' => 1728000 //该字段可选,用来指定本次预检请求的有效期,在此期间,不用发出另一条预检请求。
    14. 

  14.     ];
    15. 

  15. 

  16.     private $allow_origin = ['*'];
    17. 

  17.     protected $urls = ['/admin/view/attach-download/*', '/admin/user/student-export', '/admin/tcm/patient-export', '/api/course/attach-download/*'];
    18. 

  18. 

  19.     /**
    20. 

  20.      * Handle an incoming request.
    21. 

  21.      *
    22. 

  22.      * @param \Illuminate\Http\Request $request
    23. 

  23.      * @param \Closure $next
    24. 

  24.      * @return mixed
    25. 

  25.      */
    26. 

  26.     public function handle($request, Closure $next)
    27. 

  27.     {
    28. 

  28. //        $response = $next($request);
    29. 

  29. //
    30. 

  30. //        $paths = $this->urls;
    31. 

  31. ////        foreach ($paths as $path) {
    32. 

  32. ////            if ($path !== '/') {
    33. 

  33. ////                $path = trim($path, '/');
    34. 

  34. ////            }
    35. 

  35. ////
    36. 

  36. ////            if ($request->fullUrlIs($path) || $request->is($path)) {
    37. 

  37. ////                return $response;
    38. 

  38. ////            }
    39. 

  39. ////        }
    40. 

  40. //        $response->header('Access-Control-Allow-Origin', '*');
    41. 

  41. //        $response->header('Access-Control-Allow-Methods', '*');
    42. 

  42. //        $response->header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With,DNT,X-Mx-ReqToken,ETag,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,language');
    43. 

  43. ////        $response->header('Access-Control-Allow-Headers', '*');
    44. 

  44. //        return $response;
    45. 

  45. 

  46. 

  47. //        $this->headers = [
    48. 

  48. //            'Access-Control-Allow-Methods' => '*',
    49. 

  49. //            'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Requested-With,DNT,X-Mx-ReqToken,ETag,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,language',
    50. 

  50. //            'Access-Control-Allow-Credentials' => 'true',//允许客户端发送cookie
    51. 

  51. //            'Access-Control-Max-Age' => 1728000 //该字段可选,用来指定本次预检请求的有效期,在此期间,不用发出另一条预检请求。
    52. 

  52. //        ];
    53. 

  53. 

  54. //        $this->allow_origin = ['*'];
    55. 

  55. 

  56.         $origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
    57. 

  57. 

  58.         //如果origin不在允许列表内,直接返回403
    59. 

  59.         if (!in_array('*', $this->allow_origin) && !in_array($origin, $this->allow_origin) && !empty($origin))
    60. 

  60.             return Response('Forbidden', 403);
    61. 

  61.         //如果是复杂请求,先返回一个200,并allow该origin
    62. 

  62.         if ($request->isMethod('options'))
    63. 

  63.             return $this->setCorsHeaders(Response('OK', 200), $origin);
    64. 

  64.         //如果是简单请求或者非跨域请求,则照常设置header
    65. 

  65.         $response = $next($request);
    66. 

  66.         $methodVariable = array($response, 'header');
    67. 

  67.         //这个判断是因为在开启session全局中间件之后,频繁的报header方法不存在,所以加上这个判断,存在header方法时才进行header的设置
    68. 

  68.         if (is_callable($methodVariable, false, $callable_name)) {
    69. 

  69.             return $this->setCorsHeaders($response, $origin);
    70. 

  70.         }
    71. 

  71.         return $response;
    72. 

  72.     }
    73. 

  73. 

  74.     /**
    75. 

  75.      * @param $response
    76. 

  76.      * @return mixed
    77. 

  77.      */
    78. 

  78.     public function setCorsHeaders($response, $origin)
    79. 

  79.     {
    80. 

  80.         foreach ($this->headers as $key => $value) {
    81. 

  81.             $response->header($key, $value);
    82. 

  82.         }
    83. 

  83.         if (in_array($origin, $this->allow_origin)) {
    84. 

  84.             $response->header('Access-Control-Allow-Origin', $origin);
    85. 

  85.         } elseif (in_array('*', $this->allow_origin)) {
    86. 

  86.             $response->header('Access-Control-Allow-Origin', '*');
    87. 

  87.         } else {
    88. 

  88.             $response->header('Access-Control-Allow-Origin', '');
    89. 

  89.         }
    90. 

  90.         return $response;
    91. 

  91.     }
    92. 

  92. }
    93.