本文介绍了Symfony 4.1-CORS问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我的symfony 4.1 API有一些问题:

I have some issue with my symfony 4.1 API:

我正在使用带有角度的httpclient的离子应用程序来使用我的API.

I'm consuming my API through a ionic application using angular httpclient.

我的问题是CORS标头,尤其是Access-Control-Allow-Methods

My problem is with the CORS headers especially Access-Control-Allow-Methods

我的CORS遇到了问题,因为我的API和应用程序的来源不同,这导致我的安装nelmio/cors-bundle可以处理CORS.

I've had problems with CORS since my API and my application aren't on the same origin which made my install nelmio/cors-bundle to handle CORS.

我的nelmio_cors.yaml如下:

nelmio_cors:
    paths:
        '^/api/':
            origin_regex: true
            allow_origin: ['*']
            allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
            allow_headers: ['Content-Type', 'Authorization']
            max_age: 3600

这实际上适用于我从那时起使用的所有方法:

This actually works for all the methods i was using since then:

  • 发布请求[确定]
  • 获取请求[确定]
  • 删除请求[确定]

现在,我想向我的API添加PATCH路由.我已经用Postman测试了控制器,我的工作像个魅力.现在,当我从角度服务查询相同的路线时:

Now i wanted to add a PATCH route to my API. I've testing the controller with Postman and i works like a charm. Now when i query the same route from my angular service :

        return this.http.patch(this.url + '/api/users/' + userId,
                               dataToPatch, 
                               this.authHeaders)
                        .map(response => response.json());

控制台记录以下内容:

Failed to load http://symfony.local/api/users/1: Method PATCH is not allowed by Access-Control-Allow-Methods in preflight response.

在这里您可以看到请求的响应标头:

Here you can see the response headers of the request:

Access-Control-Allow-Headers: authorization,content-type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3600
Allow: POST, GET, OPTIONS, PUT, DELETE
Cache-Control: no-cache, private
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2018 14:02:51 GMT
Server: nginx
Transfer-Encoding: chunked
X-Powered-By: PHP/7.2.11

如您所见,如果我正确理解CORS标头,则不允许使用PATCH方法,但是为什么当使用postman来使用API​​时,它为什么能起作用.

As you can see and if i understand CORS headers correctly, PATCH methods aren't allowed but then why does it works when using postman to consume the API.

我还安装了chrome的Allow-Control-Allow-Origin:*扩展程序,但在那里也没有成功...

I've also installed chrome's Allow-Control-Allow-Origin:* extension but no success there aswell...

我正在使用 https://github.com/ikamikaz3/docker-symfony 就像我的筹码可以从那里来吗? (可能在某处配置错误?)

I'm using https://github.com/ikamikaz3/docker-symfony as my stack could it come from there ? (misconfiguration somewhere maybe?)

如果需要,我可以提供更多代码,但这对我来说似乎是一个愚蠢的错误...

I can provide more code if required but it seems like a stupid mistake to me...

从chrome卸载Allow-Control-Allow-Origin:*后,我在登录时得到以下提示

After uninstalling Allow-Control-Allow-Origin:* from chrome i get the following on login

Failed to load http://symfony.local/login_check: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'null' that is not equal to the supplied origin. Origin 'http://localhost:8100' is therefore not allowed access.

在我的nginx容器中使用以下内容更新了我的symfony.conf之后,我设法使API正常工作,虽然PATCH仍然损坏,但我认为我可以做到

After updating my symfony.conf with the following inside my nginx container, i managed to get the API to work, PATCH still broken tho but i think i can do it <3

    if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            #
            # Custom headers and headers various browsers *should* be OK with but aren't
            #
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
            #
            # Tell client that this pre-flight info is valid for 20 days
            #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain; charset=utf-8';
        add_header 'Content-Length' 0;
        return 204;
    }
    if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
    }
    if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
        add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
    }

推荐答案

我设法使它起作用,所以这是我的参考方法:

I've managed to get this to work so here's how i did it for reference:

  1. 删除nelmio/cors-bundle(因为我们直接使用NGINX处理CORS),因为它引起了类似2 Allow-Control-Allow-Origin标头字段的冲突.

  1. Remove nelmio/cors-bundle (since we handle CORS directly with NGINX), because it caused conflits like 2 Allow-Control-Allow-Origin header field.

在nginx.conf中添加我想要的方法(其余配置与我的原始帖子一样)

Add the methods i want in nginx.conf (with the rest of the config as in my original post)

if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Methods' 'HTTP_VERBS, SEPARATED, WITH, COMMAS';

if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Methods' 'HTTP_VERBS, SEPARATED, WITH, COMMAS';

重建我的docker堆栈docker-compose build

Rebuild my docker stack docker-compose build

您可以在 http://github.com/ikamikaz3/docker-symfony 其中包含一个带有ELK/Kibana,Symfony flex堆栈,PhpMyAdmin(WIP),以及现在具有CORS支持的NGINX!

You can find my fork of maxpou's docker-symfony for more in depth informations (config files etc...) at http://github.com/ikamikaz3/docker-symfonywhich contains an Symfony flex stack with ELK/Kibana, PhpMyAdmin (WIP), and now NGINX with CORS support !!

这篇关于Symfony 4.1-CORS问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-13 15:23