跨域请求兼容

app/template/demo/demo.tpl.php

@@ -492,7 +492,12 @@
             <str>'127.0.0.1/24'</str>
         ),
         <note>//多语言cookie字段</note>
-        <str>'languageCookie'</str> => <str>'biny_language'</str>
+        <str>'languageCookie'</str> => <str>'biny_language'</str>,
+        <note>// 允许跨域的域名 (* 为允许所有跨域请求)</note>
+        <str>'allowOrigin'</str> => <sys>array</sys>(
+            <str>'http://www.billge.cc'</str>,
+            <str>'https://www.billge.cc'</str>,
+        ),
     ),
 
     <note>//响应配置</note>

config/config.php

@@ -36,7 +36,9 @@
             '127.0.0.1/24'
         ),
         // 多语言cookie字段
-        'languageCookie' => 'biny_language'
+        'languageCookie' => 'biny_language',
+        // 允许跨域的域名 (* 为允许所有跨域请求)
+//        'allowOrigin' => ['http://www.billge.cc'],
     ),
 
     //响应配置

lib/business/Action.php

@@ -48,7 +48,7 @@ public function __construct()
         }
         if ($this->csrfValidate && !$this->request->validateCsrfToken()){
             header(App::$base->config->get(401, 'http'));
-            echo $this->error("Unauthorized");
+            echo $this->response->error("Unauthorized");
             exit;
         }
         // 权限验证

lib/business/Request.php

@@ -83,6 +83,20 @@ private function __construct($module, $method=null)
             $this->posts = $_POST;
             $this->gets = $_GET;
         }
+        // 跨域兼容处理
+        if ($_SERVER['HTTP_ORIGIN'] && $this->getHostInfo() != $_SERVER['HTTP_ORIGIN']) {
+            if (isset($this->config['allowOrigin']) &&
+                ($this->config['allowOrigin'] == '*' || in_array($_SERVER['HTTP_ORIGIN'], $this->config['allowOrigin']))) {
+                header("Access-Control-Allow-Credentials: true");
+                header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
+                header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
+                if ($this->getHttpMethod() == 'OPTIONS') {
+                    // 跨域preflight
+                    header(App::$base->config->get(204, 'http'));
+                    exit;
+                }
+            }
+        }
     }
 
 
@@ -196,15 +210,25 @@ private function matchCIDR($addr, $cidr) {
     }
 
     /**
-     * 验证csrfToken
+     * 获取http请求类型 GET POST OPTION
+     * @return string
      */
-    public function validateCsrfToken()
+    private function getHttpMethod()
     {
         if (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
             $method = strtoupper($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
         } else {
             $method = isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : 'GET';
         }
+        return $method;
+    }
+
+    /**
+     * 验证csrfToken
+     */
+    public function validateCsrfToken()
+    {
+        $method = $this->getHttpMethod();
         if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
             return true;
         }
@@ -276,11 +300,7 @@ public function getMethod($row=false)
             return $this->method;
         } else {
             if ($this->action && $this->action->getRestful()){
-                if (isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'])) {
-                    $method = strtoupper($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']);
-                } else {
-                    $method = isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : 'GET';
-                }
+                $method = $this->getHttpMethod();
                 return $method."_".$this->method;
             } else {
                 return 'action_' . $this->method;