refactor: 修改跨域返回头中允许Authorization暴露

2025-03-29 15:35:11 +08:00
parent 0bcc8cc105
commit 20df43c95d
3 changed files with 7 additions and 3 deletions
--- a/.env.dev
+++ b/.env.dev
@@ -12,8 +12,8 @@ DB_PREFIX = ow_
 DEFAULT_LANG = zh-cn

 [JWT]
-TTL = 3600
-REFRESH_TTL = 20160
+TTL=3600
+REFRESH_TTL=20160
 SECRET=b43e6276644ed60e65c50d1b324ba10b

 # 后台不需要登录的接口
--- a/.env.local
+++ b/.env.local
@@ -20,3 +20,7 @@ SECRET=b43e6276644ed60e65c50d1b324ba10b
 [ADMIN_AUTH]
 WHITE_LIST[] = v1/user/login
 WHITE_LIST[] = v1/user/captcha
+
+# 不需记录日志的接口
+[ADMIN_API]
+IGNORE_LOGGING_LIST[] = v1/OperateLog/index
--- a/config/cors.php
+++ b/config/cors.php
@@ -6,7 +6,7 @@ return [
    'allowed_origins_patterns' => [],
    'allowed_methods'          => ['GET', 'POST', 'DELETE', 'PUT', 'OPTIONS'],
    'allowed_headers'          => ['Content-Type', 'Authorization', 'Refresh-Authorization', 'Content-Disposition'],
-    'exposed_headers'          => [],
+    'exposed_headers'          => ['Authorization'],
    'max_age'                  => 7200,
    'supports_credentials'     => true,
 ];