齐天大圣
- 齐天大圣 回答了问题 yii2+vue前后端分离时的跨域问题
最后这样解决的
public function behaviors() { $behaviors = [ 'verbs' => [ 'class' => VerbFilter::className(), 'actions' => [], ], 'corsFilter' => [ 'class' => Cors::className(), 'cors' => [ 'Origin' => ['*'], 'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'], 'Access-Control-Request-Headers' => ['*'], 'Access-Control-Allow-Origin' => ['*'], 'Access-Control-Allow-Credentials' => true, 'Access-Control-Max-Age' => 86400, 'Access-Control-Expose-Headers' => [], ], ], ]; if (Yii::$app->getRequest()->getMethod() !== 'OPTIONS') { $behaviors['authenticator'] = [ 'class' => HttpBearerAuth::className(), 'optional' => [ 'login', 'signup' ], ]; } return $behaviors; }
正如@kasa0421所说,当继承rest\ActiveController时,访问post动作时,verb默认是post。这里重写verbs就行了
- 齐天大圣 2017-10-30 已签到连续签到1天,获得了5个金钱
- 齐天大圣 赞了说说接触yii有半年了,第一天来社区。
如果你是APACHE服务器的话可以尝试在conf文件见里面配置header 试一下
Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS,DELETE" Header always set Access-Control-Allow-Credentials "true" Header always set Access-Control-Allow-Headers "Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With"
然后在我API认证的时候去除了对OPTIONS的请求的验证
if (Yii::$app->getRequest()->getMethod() !== 'OPTIONS') { .... }
你可以尝试这样配置下。另外就是我还做了一下将OPTIONS的请求都返回了200,让前端省去判断这个请求的返回结果。
是在.htacess里面写的rewrite:RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L]
如果有需要你可以试试
我现在的路由规则如下:
'extraPatterns' => [ 'POST login' => 'login', 'POST logout' => 'logout', 'POST signup' => 'signup', 'GET user-info' => 'user-info', 'GET list' => 'list', 'OPTIONS,POST create' => 'create', 'POST add' => 'add', ],
还是返回405啊,@kasa0421你是怎么解决这个问题的啊,你的客户端不会发送options请求吗?
如果你是APACHE服务器的话可以尝试在conf文件见里面配置header 试一下
Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS,DELETE" Header always set Access-Control-Allow-Credentials "true" Header always set Access-Control-Allow-Headers "Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With"
然后在我API认证的时候去除了对OPTIONS的请求的验证
if (Yii::$app->getRequest()->getMethod() !== 'OPTIONS') { .... }
你可以尝试这样配置下。另外就是我还做了一下将OPTIONS的请求都返回了200,让前端省去判断这个请求的返回结果。
是在.htacess里面写的rewrite:RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L]
如果有需要你可以试试
**我是这样配置的,基本的操作都是ok的,例如我登录的时候没问题,但是当我调用的是create方法时就不行了,是不是yii2默认设置了访问create方法时,要求verbs必须是post呢,如果我不调用create方法,而是其他的名字发现就可以啊。我配置在controler中如下:
public function behaviors() { $behaviors = parent::behaviors(); $behaviors['corsFilter'] = [ 'class' => Cors::className(), 'cors' => [ 'Origin' => ['*'], 'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'], 'Access-Control-Request-Headers' => ['*'], 'Access-Control-Allow-Origin' => ['*'], 'Access-Control-Allow-Credentials' => true, 'Access-Control-Max-Age' => 86400, 'Access-Control-Expose-Headers' => [], ], ]; if (Yii::$app->getRequest()->getMethod() !== 'OPTIONS') { $behaviors['authenticator'] = [ 'class' => HttpBearerAuth::className(), 'optional' => [ 'login', 'signup' ], ]; } return $behaviors; }
- 齐天大圣 提出了问题yii2+vue前后端分离时的跨域问题
- 齐天大圣 发表了说说什么时候可以上vpn
- 齐天大圣 2017-10-25 已签到连续签到3天,获得了15个金钱
- 齐天大圣 赞了话题rbac最简单实现方案