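One of the errors says: Cookie "laravel_session" has been rejected because it is in a cross-site context and its "SameSite" value is "Lax" or "Strict". But the backend setting is 'same_site' => 'none', not lax or strict.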
Put the routes in routes/api.php rather than routes/web.php, because by default the latter has CSRF protection, unless you add exceptions to protected $except = [] in Http/Middleware/VerifyCsrfToken.php.
The quick and dirty way is to add this to nginx:
add_header 'Access-Control-Allow-Methods' 'GET,OPTIONS,PUT,DELETE' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Origin' '$http_origin' always;
add_header 'Access-Control-Expose-Headers' 'Access-Token' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,Keep-Alive,Content-Type,accept,origin,X-Requested-With, Access-Token,Token,Device,backend,City,apiVersion' always;
In /app/Http/Kernel.php, comment out \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class in the api route middleware.
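The nginx add_header lines above return whatever Origin the request carries together with Access-Control-Allow-Credentials: true, so every site is treated as a trusted frontend for cookie-bearing requests. An allowlisted variant, as an added example that is not from the thread; the two origins are constructed placeholders for your own frontend hosts:

```nginx
# Added example. The origins listed here are constructed placeholders.

# In the http {} context: pass the request Origin through only when it is
# on the allowlist; every other origin maps to an empty string.
map $http_origin $cors_origin {
    default                        "";
    "https://app.example.com"      $http_origin;
    "https://admin.example.com"    $http_origin;
}

# Only advertise credential support to allowlisted origins.
map $cors_origin $cors_credentials {
    default    "true";
    ""         "";
}

# In the server {} or location {} block where the CORS headers are set:

# Form from the thread, echoes any Origin back:
# add_header 'Access-Control-Allow-Origin' '$http_origin' always;

# Allowlisted form. add_header emits nothing when the value is empty,
# so a non-listed origin receives no CORS grant and the browser blocks
# the cross-origin read.
add_header 'Access-Control-Allow-Origin'      $cors_origin      always;
add_header 'Access-Control-Allow-Credentials' $cors_credentials always;

# The response now differs per Origin, so caches must key on it.
add_header 'Vary' 'Origin' always;

add_header 'Access-Control-Allow-Methods' 'GET,OPTIONS,PUT,DELETE' always;
# The Access-Control-Expose-Headers and Access-Control-Allow-Headers
# lines from the thread stay unchanged.
```

Run nginx -t after editing and reload; a request from a non-listed origin should then come back without any Access-Control-Allow-Origin header.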