请求 cloudinary 资源会出现 CORS 错误
requesting cloudinary resource gives CORS errors
我有一个 laravel/lumen 服务器管理我的云端资源的上传。我还将服务器用作我的前端应用程序的 API 端点。端点之一 returns 来自 Cloudinary 的文件。我通过将请求重定向到 Cloudinary 资源来执行此操作。但是我的应用程序失败了,因为重定向的资源上没有 CORS headers。
return redirect()->to("https://res.cloudinary.com/gates/raw/upload/" . $upload->id);
我得到的错误是:
Redirect from 'https://{my-server.com}/api/v1/export' to
'https://res.cloudinary.com/gates/raw/upload/{upload-id}' has been
blocked by CORS policy: No 'Access-Control-Allow-Origin' header is
present on the requested resource. Origin 'https://{my-frontend.com}'
is therefore not allowed access.
您可以在您的服务器上使用这个库:https://github.com/barryvdh/laravel-cors
return [
/*
|--------------------------------------------------------------------------
| Laravel CORS
|--------------------------------------------------------------------------
|
| allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
| to accept any value.
|
*/
'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedHeaders' => ['Content-Type', 'X-Requested-With'],
'allowedMethods' => ['*'], // ex: ['GET', 'POST', 'PUT', 'DELETE']
'exposedHeaders' => [],
'maxAge' => 0,
]
allowedOrigins => [*] mean that you give access to your server, you can add ip's or dns for restrict access to your server
Here is my CORS middleware:
use Closure;
class CORS {
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
header("Access-Control-Allow-Origin: *");
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'Content-Type, X-Auth-Token, Origin'
];
if($request->getMethod() == "OPTIONS") {
// The client-side application can set only headers allowed in Access-Control-Allow-Headers
return Response::make('OK', 200, $headers);
}
$response = $next($request);
foreach($headers as $key => $value)
$response->header($key, $value);
return $response;
}
}
To use CORS middleware you have to register it first in your
app\Http\Kernel.php file like this:
protected $routeMiddleware = [
//other middlewares
'cors' => 'App\Http\Middleware\CORS',
];
Then you can use it in your routes
Route::get('example', array('middleware' => 'cors', 'uses' => 'ExampleController@dummy'));
我有一个 laravel/lumen 服务器管理我的云端资源的上传。我还将服务器用作我的前端应用程序的 API 端点。端点之一 returns 来自 Cloudinary 的文件。我通过将请求重定向到 Cloudinary 资源来执行此操作。但是我的应用程序失败了,因为重定向的资源上没有 CORS headers。
return redirect()->to("https://res.cloudinary.com/gates/raw/upload/" . $upload->id);
我得到的错误是:
Redirect from 'https://{my-server.com}/api/v1/export' to
'https://res.cloudinary.com/gates/raw/upload/{upload-id}' has been
blocked by CORS policy: No 'Access-Control-Allow-Origin' header is
present on the requested resource. Origin 'https://{my-frontend.com}'
is therefore not allowed access.
您可以在您的服务器上使用这个库:https://github.com/barryvdh/laravel-cors
return [
/*
|--------------------------------------------------------------------------
| Laravel CORS
|--------------------------------------------------------------------------
|
| allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
| to accept any value.
|
*/
'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedHeaders' => ['Content-Type', 'X-Requested-With'],
'allowedMethods' => ['*'], // ex: ['GET', 'POST', 'PUT', 'DELETE']
'exposedHeaders' => [],
'maxAge' => 0,
]
allowedOrigins => [*] mean that you give access to your server, you can add ip's or dns for restrict access to your server
Here is my CORS middleware:
use Closure;
class CORS {
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
header("Access-Control-Allow-Origin: *");
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=> 'Content-Type, X-Auth-Token, Origin'
];
if($request->getMethod() == "OPTIONS") {
// The client-side application can set only headers allowed in Access-Control-Allow-Headers
return Response::make('OK', 200, $headers);
}
$response = $next($request);
foreach($headers as $key => $value)
$response->header($key, $value);
return $response;
}
}
To use CORS middleware you have to register it first in your app\Http\Kernel.php file like this:
protected $routeMiddleware = [
//other middlewares
'cors' => 'App\Http\Middleware\CORS',
];
Then you can use it in your routes
Route::get('example', array('middleware' => 'cors', 'uses' => 'ExampleController@dummy'));