方法一
header("access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With");// 响应头设置
header("access-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS");// 响应类型
header("access-control-allow-credentials: true");// 带 cookie 的跨域访问
header("access-control-allow-origin: *");// 允许所有的 域名跨域访问
header('X-Powered-By: WAF/2.0');
方法二
//设置允许跨域的 请求源地址 //方式一: header("Access-Control-Allow-Origin: *");//允许所有地址跨域请求 //方式二: header("Access-Control-Allow-Origin: http://localhost:8080");//指定某个地址可以跨域请求,这里只能指定一个 //方式三:如果要允许多个地址跨域请求可以这样写 $origin = ['http://localhost:8080','http://localhost:8081']; $AllowOrigin = 'http://localhost:8080'; if(in_array($_SERVER["HTTP_ORIGIN"],$origin)) { $AllowOrigin = $_SERVER["HTTP_ORIGIN"]; } header("Access-Control-Allow-Origin: ".$AllowOrigin ); --------------------------------------------------------------------------------- //设置允许的请求方法,可以用*表示所有, header("Access-Control-Allow-Methods: POST"); --------------------------------------------------------------------------------- //如果允许请求携带cookie,此时 origin配置不能用 *,此时前端似乎也要做配置,让请求中携带cookie header('Access-Control-Allow-Credentials:true'); --------------------------------------------------------------------------------- //设置允许跨域的请求头,通常会在请求头里面加登录验证信息,那么服务端需要指定允许那些请求头,这里不能用*,多个字段用逗号隔开。 header('Access-Control-Allow-Headers:token');
方法三:针对thinkphp 5.0 api开发(其他的TP应该也可以)
Access to XMLHttpRequest at 'http://smartserver/index.php/api/Auth/login' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
解决:
// 允许所有域名访问
header('Access-Control-Allow-Origin:*');
Access to XMLHttpRequest at 'http://smartserver/index.php/api/Auth/login' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
解决:
if($_SERVER['REQUEST_METHOD'] == 'OPTIONS')
{
header("Access-Control-Allow-Origin: *");// 允许所有的 域名跨域访问
// header("Access-Control-Allow-Headers: Origin,X-Requested-With,Content-Type, Accept,Authorization");// 响应头设置
header("access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With");// 响应头设置
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, HEAD, OPTIONS,PATCH");// 响应类型
exit;
}
具体作法:封装一个类Common继承Controller
<?php
namespace app\api\controller;
use think\Controller;
use think\Request;
use app\api\service\Token;
class Common extends Controller
{
/**
* 构造函数
*/
public function _initialize()
{
//设置编码
header('content-type:text/html; charset=utf-8');
// 允许所有域名访问
header("Access-Control-Allow-Origin: *");// 允许所有的 域名跨域访问
// header("Access-Control-Allow-Headers: Origin,X-Requested-With,Content-Type, Accept,Authorization");// 响应头设置
header("access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With");// 响应头设置
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, HEAD, OPTIONS,PATCH");// 响应类型
if(request()->isOptions())
{
exit;
}
}
}
在调用的接口类中继承这个Common类
<?php
namespace app\api\controller;
use think\Controller;
use app\api\model\User;
class Auth extends Common
{
public function login(){
}
}
到此Ok。
还有一方法:chrome插件 :未验证
Allow CORS: Access-Control-Allow-Origin Chrome 扩展下载 - 插件迷
在插件安装界面,把下载的zip包拖进去就可以安装