refactor: 修改跨域返回头中允许Authorization暴露

2025-03-29 15:35:11 +08:00
parent f671dbbd19
commit 68f7ed356f
3 changed files with 7 additions and 3 deletions
--- a/.env.local
+++ b/.env.local
@@ -20,3 +20,7 @@ SECRET=b43e6276644ed60e65c50d1b324ba10b
 [ADMIN_AUTH]
 WHITE_LIST[] = v1/user/login
 WHITE_LIST[] = v1/user/captcha
+
+# 不需记录日志的接口
+[ADMIN_API]
+IGNORE_LOGGING_LIST[] = v1/OperateLog/index
--- a/config/cors.php
+++ b/config/cors.php
@@ -6,7 +6,7 @@ return [
    'allowed_origins_patterns' => [],
    'allowed_methods'          => ['GET', 'POST', 'DELETE', 'PUT', 'OPTIONS'],
    'allowed_headers'          => ['Content-Type', 'Authorization', 'Refresh-Authorization', 'Content-Disposition'],
-    'exposed_headers'          => [],
+    'exposed_headers'          => ['Authorization'],
    'max_age'                  => 7200,
    'supports_credentials'     => true,
 ];