2019-12-19 10:53:53 2461次浏览 4条回答 0 悬赏 10 金钱

通过搜索引擎发现在本站这个问题也提了很多遍了,但确实是没找到可行的解决方法,可能究其原因还是自身基础知识掌握不牢固,太零散,用起来的时候各种混乱。

按照 https://www.yiichina.com/question/3570https://www.yiichina.com/question/3281 的方法都试过了

现象:不停提示 No 'Access-Control-Allow-Origin' header is present on the requested resource.

根据 https://stackoverflow.com/questions/41647444/yii2-cors-filters-error-that-no-access-control-allow-origin-header-is-present 第一个回答的第四点,我在 Response http headers 里确实是没看到 Access-Control- 这样的返回信息,但根据第五、第六点修改后仍然出错

behavior配置:

public function behaviors()
{
    $behaviors = parent::behaviors();

    // remove authentication filter
    $auth = $behaviors['authenticator'];
    unset($behaviors['authenticator']);

    // add CORS filter
    $behaviors['corsFilter'] = [
        'class' => \yii\filters\Cors::className(),
        'cors' => [
          'Origin' => ['http://localhost:8002'],
          'Access-Control-Request-Method' => ['POST', 'GET', 'PUT'],
          'Access-Control-Request-Headers' => ['*'],
          'Access-Control-Allow-Credentials' => true,
          'Access-Control-Max-Age' => 86400,
        ],
        'actions' => [
          'login' => [
            'Access-Control-Allow-Credentials' => true,
          ]
      ]
    ];


    if (Yii::$app->getRequest()->getMethod() !== 'OPTIONS')
    {
      $behaviors['authenticator'] = [
        'class' => HttpBearerAuth::className(),
        'optional' => [
          'login',
          'signup'
        ],
      ];
    }
    else
    {
      // re-add authentication filter
      $behaviors['authenticator'] = $auth;
      // avoid authentication on CORS-pre-flight requests (HTTP OPTIONS method)
      $behaviors['authenticator']['except'] = ['options'];
    }
    return $behaviors;
}

Nginx 配置:

location / {
    root   c:/localhost/basic/web/;
    index  index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$args;
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

    if ($request_method = OPTIONS ) {
        add_header Access-Control-Allow-Origin "http://localhost:8002";
        add_header Access-Control-Allow-Methods "*";
        add_header Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding";
        add_header Access-Control-Allow-Credentials "true";
        add_header Content-Length 0;
        add_header Content-Type text/plain;
        return 200;
    }
}
  • 回答于 2019-12-19 13:06 举报

    修改Origin,先改成*,

    这是我自己的代码:

    $behaviors['corsFilter'] = [
        'class' => \yii\filters\Cors::class,
        'cors' => [
            'Origin' => ['*'],
            'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
            'Access-Control-Request-Headers' => ['*'],
            //'Access-Control-Request-Headers' => ['authorization'],
            //'Access-Control-Allow-Credentials' => true,
            'Access-Control-Max-Age' => 60,
            'Access-Control-Expose-Headers' => ['*'],
        ],
    ];
    
    2 条回复
    回复于 2019-12-19 15:18 回复

    谢谢回答,但仍然是不行,之前我试过这种方法,他会提示当 credentialsinclude 的时候 origin 不能为通配符。现在我不知道改了什么地方,仍然提示的是 No 'Access-Control-Allow-Origin' header is present on the requested resource.

    回复于 2019-12-19 17:40 回复

    我自己的,nginx环境,就可以用啊,没有任何额外的配置

  • 回答于 2019-12-19 15:30 举报
    public function behaviors()
        {
            return ArrayHelper::merge([
                'corsFilter' => [
                    'class' => Cors::className(),
                ],
            ], parent::behaviors(), [
                'authenticator' => [
                    'class'       => CompositeAuth::className(),
                    'authMethods' => [
                        HttpBasicAuth::className(),
                        HttpBearerAuth::className(),
                        QueryParamAuth::className(),
                    ],
                ],
                'rateLimiter'   => [
                    'enableRateLimitHeaders' => false,
                ],
            ]);
        }
    
    1 条回复
    回复于 2019-12-19 15:33 回复

    谢谢回答,但仍然不行,根据https://stackoverflow.com/questions/41647444/yii2-cors-filters-error-that-no-access-control-allow-origin-header-is-present 第四和第五提到的内容,我这里cors配置根本就没起作用,我猜测应该不是在behaviors里配置的问题

  • 回答于 2019-12-20 08:40 举报

    可以进行排查。
    第一,打印 $behaviors 里的内容,看里面的过滤器的顺序,看楼主 unset 权限验证器之后,觉得这个部分问题听不大,但是还是得打印看看先,一定要跨域在权限过滤器之前。

    第二,我觉得倒是可能是 nginx 的问题,可以把 nginx 中跨域配置那套给干掉,也许问题在 nginx

  • 回答于 2019-12-21 19:20 举报

    我也出现了跨域问题,请问解决了吗?我的是报 OPTIONS 500错误,火狐说是CORS 预检通道未成功

    2 条回复
    回复于 2019-12-27 18:47 回复

    解决了,但是我也忘记怎么解决的了。。。

    回复于 2020-01-04 16:46 回复

    好吧,我也搞定了。我是直接把接口和页面放在同一域名下

您需要登录后才可以回答。登录 | 立即注册
捣捣爸
见习主管

捣捣爸

注册时间:2019-05-23
最后登录:2022-04-26
在线时长:9小时29分
  • 粉丝0
  • 金钱105
  • 威望10
  • 积分295

热门问题