gx

@@ -15,22 +15,19 @@ class EnableCrossRequestMiddleware
      */
     public function handle($request, Closure $next)
     {
-        $response = $next($request);
-        $origin = $request->server('HTTP_ORIGIN') ?: '';
-//        $allow_origin = [
-//            'http://localhost:8080',
-//        ];
-//        if (in_array($origin, $allow_origin)) {
-            $header = [
-//                'Access-Control-Allow-Origin' => $origin,
-                'Access-Control-Allow-Origin' => '*',
-                'Access-Control-Allow-Headers' => '*',
-                'Access-Control-Expose-Headers' => '*',
-                'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS',
-                'Access-Control-Allow-Credentials' => 'true',
-            ];
-            $response->headers->add($header);
-//        }
-        return $response;
+        // 指定允许其他域名访问
+        $http_origin = "*";
+        if(isset($_SERVER['HTTP_ORIGIN'])){
+            $http_origin = $_SERVER['HTTP_ORIGIN'];
+        }
+        header("Access-Control-Allow-Origin:".$http_origin);
+        header('Access-Control-Allow-Methods:POST,GET'); //支持的http 动作
+        header('Access-Control-Allow-Credentials: true');
+        header('Access-Control-Max-Age: 1000');
+        header('Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, Accept, Authorization, token');  //响应头 请按照自己需求添加。
+        if (strtolower($_SERVER['REQUEST_METHOD']) == 'options') {
+            exit;
+        }
+        return $next($request);
     }
 }