|
|
@@ -426,16 +426,11 @@ if (!function_exists('check_cors_request')) {
|
|
|
*/
|
|
|
function check_cors_request()
|
|
|
{
|
|
|
- if (isset($_SERVER['HTTP_ORIGIN']) && $_SERVER['HTTP_ORIGIN']) {
|
|
|
+ if (isset($_SERVER['HTTP_ORIGIN']) && $_SERVER['HTTP_ORIGIN'] || true) {
|
|
|
$info = parse_url($_SERVER['HTTP_ORIGIN']);
|
|
|
$domainArr = explode(',', config('fastadmin.cors_request_domain'));
|
|
|
$domainArr[] = request()->host(true);
|
|
|
- if (in_array("*", $domainArr) || in_array($_SERVER['HTTP_ORIGIN'], $domainArr) || (isset($info['host']) && in_array($info['host'], $domainArr))) {
|
|
|
- header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN']);
|
|
|
- } else {
|
|
|
- $response = Response::create('跨域检测无效', 'html', 403);
|
|
|
- throw new HttpResponseException($response);
|
|
|
- }
|
|
|
+ header("Access-Control-Allow-Origin:*");
|
|
|
|
|
|
header('Access-Control-Allow-Credentials: true');
|
|
|
header('Access-Control-Max-Age: 86400');
|
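Review bot: The new `header("Access-Control-Allow-Origin:*");` replaces the allowlist check against `fastadmin.cors_request_domain` and the 403 response, so every origin is now accepted and that config value no longer has any effect; `$info` and `$domainArr` are still computed but never used. The wildcard is also sent together with `Access-Control-Allow-Credentials: true`, a combination browsers refuse for credentialed requests, so cookie-bearing cross-origin calls will fail while non-credentialed responses become readable from any site. The `|| true` on the `if` makes the branch run even when no Origin header is present, and `parse_url($_SERVER['HTTP_ORIGIN'])` then reads an undefined index. I would keep the original condition `if (isset($_SERVER['HTTP_ORIGIN']) && $_SERVER['HTTP_ORIGIN']) {`, restore the removed allowlist branch that echoes only a matched origin, and add any further trusted origin to `fastadmin.cors_request_domain` instead of widening the header. The rest of the function body lies outside this hunk, so whether it still handles the preflight request consistently could not be checked here.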