我有一个混合 vuejs 应用程序,它在 web 版本上正常工作,但是419当从 Android 版本调用它时,它是从 Laravel 服务器获取的。
AXIOS 呼叫
vm.axios.get('/sanctum/csrf-cookie').then(response => {
vm.logging = true;
vm.axios({
method: 'POST',
url: '/api/login/employee',
data:{
email: vm.email,
password: vm.password
},
}).then(function (response) {
console.log(response.data)
if(response.data.success){
vm.axios.defaults.headers.common['Authorization'] = 'Bearer '+response.data.token;
localStorage.setItem('bearer', vm.axios.defaults.headers.common['Authorization']);
vm.$store.commit('updateUserData');
}
}, function (error) {
console.log(error.message)
}).then(function (){
vm.logging = false;
});
});
CORS
'paths' => ['api/*','sanctum/csrf-cookie'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => true,
核心
protected $middleware = [
// \App\Http\Middleware\TrustHosts::class,
\App\Http\Middleware\TrustProxies::class,
\Fruitcake\Cors\HandleCors::class,
\App\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
];
/**
* The application's route middleware groups.
*
* @var array
*/
protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,
\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
\Illuminate\Session\Middleware\StartSession::class,
// \Illuminate\Session\Middleware\AuthenticateSession::class,
\Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
'api' => [
EnsureFrontendRequestsAreStateful::class,
'throttle:60,1',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];