TP5:
/*防止跨域*/
header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, authKey, sessionId");
YII2:
public function behaviors()
{
return ArrayHelper::merge([
[
'class' => Cors::className(),
'cors' => [
'Origin' => ['*'],
'Access-Control-Request-Method' => ['GET','POST','DELETE','OPTIONS','PUT'],
'Access-Control-Request-Headers'=>['*']
],
],
//权限认证器
'authenticator' =>[
'class' => CompositeAuth::className(),
'authMethods' => [
HttpBearerAuth::className(),
],
'optional' => [ 'login','authlogin','codelogin'],
]
], parent::behaviors());
}