
跨域中间件

gorden 8 달 전
부모
커밋
dffdec6cf3
4개의 변경된 파일39개의 추가작업 그리고 4개의 파일을 삭제
  1. 26 0
      app/middleware/AccessControlCors.php
  2. 5 1
      config/middleware.php
  3. 4 1
      route/admin.php
  4. 4 2
      start.php

+ 26 - 0
app/middleware/AccessControlCors.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace app\middleware;
+
+use Webman\MiddlewareInterface;
+use Webman\Http\Response;
+use Webman\Http\Request;
+
+class AccessControlCors implements MiddlewareInterface
+{
+    public function process(Request $request, callable $handler): Response
+    {
+        // 如果是options请求则返回一个空响应,否则继续向洋葱芯穿越,并得到一个响应
+        $response = $request->method() == 'OPTIONS' ? response('') : $handler($request);
+
+        // 给响应添加跨域相关的http头
+        $response->withHeaders([
+            'Access-Control-Allow-Credentials' => 'true',
+            'Access-Control-Allow-Origin' => $request->header('origin', '*'),
+            'Access-Control-Allow-Methods' => $request->header('access-control-request-method', '*'),
+            'Access-Control-Allow-Headers' => $request->header('access-control-request-headers', '*'),
+        ]);
+
+        return $response;
+    }
+}
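Review bot: The `Access-Control-Allow-Origin` entry in `process()` echoes whatever `Origin` the request sends while `Access-Control-Allow-Credentials` is `'true'`, so any website can make cookie-bearing cross-origin requests and read the responses. Because config/middleware.php registers this middleware under the global `''` key, that appears to cover the `/admin` routes too. Compare the origin against an explicit allowlist and emit the CORS headers only on a match, adding `Vary: Origin` so a shared cache does not hand one origin's response to another. The `'*'` fallback used when no `Origin` header is present is rejected by browsers when combined with credentials, so it can simply be dropped. The method check could also use `===` instead of `==`.

```php
        // Placeholder allowlist: replace with the front-end origins this API actually serves.
        $allowedOrigins = ['https://admin.example.com'];
        $origin = $request->header('origin');

        // … unchanged: OPTIONS short-circuit / $handler($request) …

        // Only origins on the allowlist receive credentialed CORS headers.
        if ($origin !== null && in_array($origin, $allowedOrigins, true)) {
            $response->withHeaders([
                'Access-Control-Allow-Credentials' => 'true',
                'Access-Control-Allow-Origin' => $origin,
                // … unchanged: Allow-Methods / Allow-Headers entries …
                'Vary' => 'Origin',
            ]);
        }
```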

+ 5 - 1
config/middleware.php

@@ -12,4 +12,8 @@
  * @license   http://www.opensource.org/licenses/mit-license.php MIT License
  */
 
-return [];
+return [
+    '' => [
+        app\middleware\AccessControlCors::class,
+    ]
+];

+ 4 - 1
route/admin.php

@@ -1,8 +1,11 @@
 <?php
 
-use app\admin\controller\finance\WriteOffController;
 use Webman\Route;
 
+Route::options('[{path:.+}]', function (){
+    return response('');
+});
+
 Route::group('/admin', function () {
     Route::group('/upload', function () {
         Route::post('/image', [\app\admin\controller\sys_manage\UploadController::class, 'image']);
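Review bot: The new `Route::options('[{path:.+}]', ...)` catch-all has no comment, and although it lives in route/admin.php it answers OPTIONS for every path in the application, not only `/admin`. I would add a comment above it such as `// CORS preflight: reply with an empty body to OPTIONS on any path; the CORS headers are presumably added by AccessControlCors`, or move the route to a shared route file so its scope is obvious. The `Route::group('/admin', ...)` closure continues past the end of the hunk.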

+ 4 - 2
start.php

@@ -3,9 +3,11 @@
 // 允许所有域名进行访问
 header('Access-Control-Allow-Origin: *');
 // 允许的HTTP方法
-header('Access-Control-Allow-Methods: GET, POST, PUT');
+header('Access-Control-Allow-Methods: GET, POST');
 // 允许的头信息
-header('Access-Control-Allow-Headers: X-Requested-With, Content-Type');
+header('Access-Control-Allow-Headers: *');
+
+header('Access-Control-Allow-Credentials: true');
 
 require_once __DIR__ . '/vendor/autoload.php';
 support\App::run();
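Review bot: The added `header('Access-Control-Allow-Credentials: true');` sits next to `header('Access-Control-Allow-Origin: *');`, a combination browsers refuse for credentialed requests. The new `Access-Control-Allow-Headers: *` is likewise read as a literal header name rather than a wildcard when credentials are involved. These values also disagree with what `AccessControlCors` sends (for example `GET, POST` here versus the reflected method there), so the policy is now defined in two places. start.php looks like the process entry point (`support\App::run()`), so these `header()` calls may never reach an HTTP response at all; that should be confirmed. If it holds, I would delete the four `header()` lines and leave CORS to the middleware.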