📅 最后修改于: 2023-12-03 14:43:44.851000 🧑 作者: Mango
allowed_originsWhen building web applications, we often come across situations where our front-end code is hosted on a different domain than our back-end code.
This is why many modern web browsers have implemented a security protocol called CORS (Cross-Origin Resource Sharing). CORS is a mechanism that allows websites to request resources from other domains and servers.
Laravel, being a popular PHP web application framework, has its own implementation of CORS that is built into its core. In the config/cors.php file, we can find the CORS configuration settings for our Laravel application.
One of the important settings in this file is the allowed_origins setting. This setting defines the domains that are allowed to access our Laravel API.
'allowed_origins' => [
'http://localhost:3000',
],
As we can see from the example above, allowed_origins is an array that contains one or more domain names. In this case, we are allowing requests from http://localhost:3000.
We can add additional domains to this array as needed:
'allowed_origins' => [
'http://localhost:3000',
'https://www.example.com',
],
This configuration would allow requests from both http://localhost:3000 and https://www.example.com.
In summary, the allowed_origins setting in the Laravel CORS configuration file is an array of domain names that are allowed to access our Laravel API. By default, only requests from the same domain are allowed, so it is important to configure this setting correctly to accommodate cross-domain requests.