header('Origin'); dump($origin);die; if (in_array($origin, $allowedOrigins)) { header('Access-Control-Allow-Origin: '. $origin); } else { // 处理不允许的来源，例如返回403错误 return response()->code(403)->data(['message' => 'Forbidden']); } header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS'); header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With'); header('Access-Control-Allow-Credentials: true'); if ($request->method() === 'OPTIONS') { return response()->code(204); } return $next($request)->header($header); } }