跨域

app/Http/Middleware/CrossHttp.php

@@ -13,12 +13,17 @@ class CrossHttp
     public function handle($request, Closure $next)
     {
         $response = $next($request);
-        $response->header('Access-Control-Allow-Origin', "*");
-        $response->header('Access-Control-Allow-Headers', 'Origin, Content-Type, Cookie,X-Requested-With, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN');
-        $response->header('Access-Control-Expose-Headers', 'Authorization, authenticated');
-        $response->header('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, OPTIONS');
-        $response->header('Access-Control-Allow-Credentials', 'true');
-        $response->header('Content-type:', 'text/html; charset=utf-8"');
+        $response = $next($request);
+        $origin = $request->server('HTTP_ORIGIN') ? $request->server('HTTP_ORIGIN') : '';
+        $allow_origin = config("website.cros");
+        if(in_array($origin, $allow_origin)){
+            $response->header('Access-Control-Allow-Origin',$origin);
+            $response->header('Access-Control-Allow-Headers', 'Origin, Content-Type, Cookie,X-Requested-With, X-CSRF-TOKEN, Accept, Authorization, X-XSRF-TOKEN');
+//        $response->header('Access-Control-Expose-Headers', 'Authorization, authenticated');
+            $response->header('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, OPTIONS');
+            $response->header('Access-Control-Allow-Credentials', 'true');
+        }
+
         return $response;
     }
 }
\ No newline at end of file

config/website.php

@@ -22,4 +22,12 @@ return [
     // go 服务
     'go_server' => 'http://127.0.0.1:8070/',
 
+    "cros" =>[
+        "http://order.xiaokang.liexinlocal.com",
+        "http://order.liexindev.net",
+        "https://order.liexindev.net",
+        "http://order.ichunt.net",
+        "https://order.ichunt.net",
+    ],
+
 ];