推荐使用中间件配置跨域,TP6通过创建CorsMiddleware设置响应头并拦截OPTIONS请求返回204状态码,TP5可在基类控制器中统一添加header,也可用Response对象或Nginx配置实现,关键在于正确处理预检请求。
ThinkPHP 实现跨域请求(CORS)主要通过设置响应头来允许浏览器进行跨域访问。以下是 ThinkPHP 5 和 ThinkPHP 6 的常见配置方式,适用于前后端分离项目。
步骤:
php think make:middleware CorsMiddleware
app/middleware/CorsMiddleware.php
写入以下内容:
public function handle($request, \Closure $next)
{
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
if ($request->isOptions()) {
return response('', 204);
}
return $next($request);
}
注册中间件:在 app/middleware.php 中添加:
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
if ($request->isOptions()) {
return response('', 204);
}
return $next($request);
}return [
// 其他中间件
\app\middleware\CorsMiddleware::class,
];
示例代码:
namespace app\controller;
use think\Controller;
use think\Response;
class BaseController extends Controller
{
public function initialize()
{
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
if (request()->isOptions()) {
exit();
}
}
}
让其他控制器继承 BaseController 即可自动支持跨域。
示例:
return json(['status' => 'success'])
->header([
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE',
'Access-Control-Allow-Headers' => 'Content-Type, Authorization',
])
在 server 块中加入:
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With';
注意:Nginx 方式更高效,但灵活性不如 PHP 层控制。
基本上就这些。根据你的 ThinkPHP 版本选择合适的方式,推荐 TP6 使用中间件,TP5 可用基类控制器统一处理。关键是拦截 OPTIONS 预检请求并正确返回 204 状态码。不复杂但容易忽略。
服务热线