0

I'm developing an API with symfony, and of course i've taken cors into account. I installed the nelmio-cors-bundle but the header are not arriving to the client side:

My configuration is this:

nelmio_cors:
    defaults:
        allow_credentials: true
        allow_origin: []
        allow_headers: []
        allow_methods: []
        expose_headers: []
        max_age: 0
        hosts: []
        origin_regex: false
    paths:
        '^/api':
            allow_origin: ['*']
            allow_headers: ['*']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
            max_age: 3600

I get back the following headers:

Allow → GET
Cache-Control → no-cache
Connection → close
Content-Type → application/json
Date → Mon, 16 Mar 2015 03:46:41 GMT
Host → 127.0.0.1:8000
X-Debug-Token → a6ec46
X-Debug-Token-Link → /_profiler/a6ec46
X-Powered-By → PHP/5.5.21

CORS headers are not there.

Can you help me? I'm running my app in symfony's dev server, is this a problem?

Thanks.

4

1 回答 1

1

正如官方文档中提到的那样:

allow_origin 和 allow_headers 可以设置为 * 以接受任何值,但是必须明确列出允许的方法。路径必须至少包含一项。

这是一个样本配置:

nelmio_cors:
  defaults:
    allow_credentials: false
    allow_origin: ['^http://localhost:[0-9]+']
    allow_headers: ['*']
    allow_methods: ['POST', 'GET']
    expose_headers: ['*']
    max_age: 0
    hosts: []
    origin_regex: false
    forced_allow_origin_value: ~
  paths:
    '^/':
        origin_regex: true
        allow_origin: ['^http://localhost:[0-9]+']
        allow_headers: ['Authorization']
        allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
        max_age: 3600
于 2017-08-16T12:00:00.343 回答