domain())),"/"), ]; $admin_domain = env('system.admin_domain'); if(!empty($admin_domain)){ $admin_domain = explode(',', $admin_domain); foreach($admin_domain as $v){ if(!trim($v)) continue; $allow_origin[] = rtrim(str_replace('https://','',str_replace('http://','',$v)),"/"); } } // if(env('system.admin_domain')){ // $allow_origin[] = rtrim(str_replace('https://','',str_replace('http://','',env('system.admin_domain'))),"/"); // } $referer = $request->header('referer'); $origin = ''; if(!empty($referer)){ $referer = parse_url($referer); $referer = $referer['host'] ?? ''; $origin = rtrim(str_replace('https://','',str_replace('http://','',$referer)),"/"); } // $origin = $request->header('origin'); if(env('app_debug') || ($origin && in_array($origin, $allow_origin))){ // header('Access-Control-Allow-Origin: ' . $origin); header('Access-Control-Allow-Origin: *'); }else{ header('Access-Control-Allow-Origin: *'); throw new ServerException('SERVER_CROSS_REQUEST_FAIL', 409); } return $next($request); } }