yii2+vue前后端分离时的跨域问题 [ 2.0 版本 ]
如题,我在前端发送请求时,请求方法是options,如果我post一个create,那么yii就会发现create请求应该是post而不是options,然后反了一个405,怎么处理呢?
最后这样解决的
public function behaviors()
{
$behaviors = [
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [],
],
'corsFilter' => [
'class' => Cors::className(),
'cors' => [
'Origin' => ['*'],
'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
'Access-Control-Request-Headers' => ['*'],
'Access-Control-Allow-Origin' => ['*'],
'Access-Control-Allow-Credentials' => true,
'Access-Control-Max-Age' => 86400,
'Access-Control-Expose-Headers' => [],
],
],
];
if (Yii::$app->getRequest()->getMethod() !== 'OPTIONS') {
$behaviors['authenticator'] = [
'class' => HttpBearerAuth::className(),
'optional' => [
'login',
'signup'
],
];
}
return $behaviors;
}
正如@kasa0421所说,当继承rest\ActiveController时,访问post动作时,verb默认是post。这里重写verbs就行了
共 2 个回答
-
如果你是APACHE服务器的话可以尝试在conf文件见里面配置header 试一下
Header always set Access-Control-Allow-Origin "*" Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS,DELETE" Header always set Access-Control-Allow-Credentials "true" Header always set Access-Control-Allow-Headers "Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With"然后在我API认证的时候去除了对OPTIONS的请求的验证
if (Yii::$app->getRequest()->getMethod() !== 'OPTIONS') { .... }你可以尝试这样配置下。另外就是我还做了一下将OPTIONS的请求都返回了200,让前端省去判断这个请求的返回结果。
是在.htacess里面写的rewrite:RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ $1 [R=200,L]如果有需要你可以试试
共 6 条回复
**我是这样配置的,基本的操作都是ok的,例如我登录的时候没问题,但是当我调用的是create方法时就不行了,是不是yii2默认设置了访问create方法时,要求verbs必须是post呢,如果我不调用create方法,而是其他的名字发现就可以啊。我配置在controler中如下:
public function behaviors() { $behaviors = parent::behaviors(); $behaviors['corsFilter'] = [ 'class' => Cors::className(), 'cors' => [ 'Origin' => ['*'], 'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'], 'Access-Control-Request-Headers' => ['*'], 'Access-Control-Allow-Origin' => ['*'], 'Access-Control-Allow-Credentials' => true, 'Access-Control-Max-Age' => 86400, 'Access-Control-Expose-Headers' => [], ], ]; if (Yii::$app->getRequest()->getMethod() !== 'OPTIONS') { $behaviors['authenticator'] = [ 'class' => HttpBearerAuth::className(), 'optional' => [ 'login', 'signup' ], ]; } return $behaviors; } @shuzhiqian 是这样的如果你继承了 yii\rest\ActiveController,默认使用的是rest风格的请求格式,create方法默认约定使用post请求的,你可以再慢慢看下文章中的restfull web服务路由章节。可以override这个verbs方法 加上OPTIONS对create的请求,也有别的方法如 http://www.yiichina.com/question/3205 这个哥们回答的针对某个action的请求加上options请求的允许
我现在的路由规则如下:
'extraPatterns' => [ 'POST login' => 'login', 'POST logout' => 'logout', 'POST signup' => 'signup', 'GET user-info' => 'user-info', 'GET list' => 'list', 'OPTIONS,POST create' => 'create', 'POST add' => 'add', ],还是返回405啊,@kasa0421你是怎么解决这个问题的啊,你的客户端不会发送options请求吗?
齐天大圣 觉得很赞 -
齐天大圣 北京
最后登录:2020-06-05
在线时长:18小时30分
- 粉丝6
- 金钱550
- 威望0
- 积分730