Laravel Socialite 在 Postman 中工作,但在 SPA 中不起作用
我处于一种奇怪的情况,当我在邮递员中测试对 /auth/social/facebook 的请求时,我成功重定向到 facebook 页面,但是当从我的水疗中心向同一路线发出请求时,我收到 CORS 相关错误:
跨源请求被阻止:同源策略不允许读取 远程资源位于 https://www.facebook.com/v3.3/dialog/oauth?client_id=240805606930310&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fapi%2Fauth%2Fsocial%2Ffacebook%2Fcallback&scope=email& ;response_type=代码。 (原因:CORS 标头“Access-Control-Allow-Origin”丢失)。地位 代码:400。
在我的代码中,我有:
路线:
Route::get('/auth/social/{provider}', [AuthController::class, 'socialRedirect']);
控制器:
public function socialRedirect($provider){
return Socialite::driver($provider)->stateless()->redirect();
}
在CORS配置中:
<?php
return [
/*
|--------------------------------------------------------------------------
| Cross-Origin Resource Sharing (CORS) Configuration
|--------------------------------------------------------------------------
|
| Here you may configure your settings for cross-origin resource sharing
| or "CORS". This determines what cross-origin operations may execute
| in web browsers. You are free to adjust these settings as needed.
|
| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
|
*/
'paths' => ['api/*', 'sanctum/csrf-cookie'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => false,
];
I am in a weird situation where when i test the request to /auth/social/facebook in postman i am successfully redirected to the facebook page, but when making a request to the same route from my spa i get CORS related errors:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading
the remote resource at
https://www.facebook.com/v3.3/dialog/oauth?client_id=240805606930310&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fapi%2Fauth%2Fsocial%2Ffacebook%2Fcallback&scope=email&response_type=code.
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status
code: 400.
In my code i have:
Route:
Route::get('/auth/social/{provider}', [AuthController::class, 'socialRedirect']);
Controller:
public function socialRedirect($provider){
return Socialite::driver($provider)->stateless()->redirect();
}
and in CORS config:
<?php
return [
/*
|--------------------------------------------------------------------------
| Cross-Origin Resource Sharing (CORS) Configuration
|--------------------------------------------------------------------------
|
| Here you may configure your settings for cross-origin resource sharing
| or "CORS". This determines what cross-origin operations may execute
| in web browsers. You are free to adjust these settings as needed.
|
| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
|
*/
'paths' => ['api/*', 'sanctum/csrf-cookie'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => false,
];
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我不确定您是否使用 InertiaJS,但如果您将其用于 laravel 应用程序上的 SPA 连接器,并对标头信息进行修改以允许来源或执行重定向,这可能不起作用,因为发出了请求根据您的惯性要求。相反,您可以返回 Inertia 响应,通过该响应,Inertia 能够将请求重定向到您想要的位置。
关于此有一些有用的信息。
https://inertiajs.com/redirects#external-redirects
I am not sure if you are using InertiaJS or not, but if you are using it for the SPA connector on laravel app, and performing modification on header information for allowing the origin or doing the redirect which may not work, because the request is made up on your inertia request. Instead you can return a Inertia response through which Inertia will able to redirect the request on your desired location.
There is some helpful information on this.
https://inertiajs.com/redirects#external-redirects
这对我有用:
在此处检查有关外部重定向的信息:https://inertiajs.com/redirects
This worked for me:
Check info on external redirects here: https://inertiajs.com/redirects