我正在尝试使用Vuejs构建一个独立的前端Web应用程序,并从我构建的Laravel 9 API获取数据。当我试图从前端访问数据时,浏览器控制台显示以下响应:
XMLHttpRequest在'http://localhost:8000/api'上的访问已被CORS策略阻止:请求的资源上没有'Access-Control-Allow-Origin'标头。
后端代码(Laravel 9)
1- api.php文件
<?php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Models\User;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::get('/', function () {
$users = User::all();
return response()->json($users, 200);
});
2- cors.php文件(默认配置)
<?php
return [
/*
|--------------------------------------------------------------------------
| Cross-Origin Resource Sharing (CORS) Configuration
|--------------------------------------------------------------------------
|
| Here you may configure your settings for cross-origin resource sharing
| or "CORS". This determines what cross-origin operations may execute
| in web browsers. You are free to adjust these settings as needed.
|
| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
|
*/
'paths' => ['api/*', 'sanctum/csrf-cookie'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => false,
];
前端代码(Vuejs)
import { createApp } from 'vue'
import axios from 'axios'
import VueAxios from 'vue-axios'
import App from './App.vue'
const app = createApp(App)
app.use(VueAxios, axios)
app.mount('#app')
2- Users.vue(获取数据的组件)
<template>
<div class="users">
test
<button @click="getUsers()">Get Users</button>
{{ users }}
</div>
</template>
<script>
export default {
data() {
return {
users: [],
}
},
methods: {
getUsers() {
this.axios.get('http://localhost:8000/api').then((response) => {
// this.users = response;
// console.log(this.users);
console.log(response);
}).catch(err => console.log('error: ' + err));
}
}
}
更新:更多说明
我使用了一个Google扩展程序,允许浏览器进行CORS,并且该扩展自动向响应添加以下标头:
a) access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
b) access-control-allow-methods: *
但我认为不能使用扩展程序作为解决方案,因为我想在生产环境下解决问题,而不仅仅是在调试模式下。
以下是浏览器响应的一些截图。
1- 浏览器中的CORS错误响应
2- 启用扩展程序之前的响应头数量(仅有9个响应头):
3- 启用扩展程序之前的响应头详情(仅有9个响应头):
4- 启用扩展程序之后的响应头数量(有11个响应头):
5- 启用扩展程序之后的响应头详情(有11个响应头)
http://localhost:8000/api
,也许尝试在cors路径中添加'api'。 - Igor Moraru