管理后台和租户后台 VITE_APP_BASE_URL 全部设置为 api.***.com
方案一:
后端(接口)nginx配置
php
map $http_origin $cors_origin {
default "";
# 总后台
~^https?://system.***.com$ $http_origin;
# 租户端
~^https?://admin.***.com$ $http_origin;
# 后续新增租户域名在这里追加一行即可
# ~^https?://xxx.***.com$ $http_origin;
}
server
{
listen 80;
listen 443 ssl;
listen 443 quic;
http2 on;
server_name api.***.com;
index index.html index.php;
root /www/wwwroot/api.***.com/public;
# 允许所有租户域名及主域名跨域
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Credentials true always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Authorization, Content-Type, X-Tenant-Code, version, token" always;
# add_header Access-Control-Max-Age 86400 always;
if ($request_method = 'OPTIONS') {
return 204;
}修改 app\common\http\middleware\LikeAdminAllowMiddleware.php
php
// 查找handle()方法,修改
//$domain = preg_replace('/^https?:\/\/|\/$/', '', $request->domain());
if (!empty($origin)) {
$domain = preg_replace('/^https?:\/\/|\/$/', '', $origin);
} else {
$domain = preg_replace('/^https?:\/\/|\/$/', '', $request->domain());
}
// 注释掉setCorsHeaders()内容
private function setCorsHeaders()
{
/* $headers = [
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Headers' => implode(', ', self::ALLOWED_HEADERS),
'Access-Control-Allow-Methods' => 'GET, POST, PATCH, PUT, DELETE, post',
'Access-Control-Max-Age' => '1728000',
'Access-Control-Allow-Credentials' => 'true',
];
foreach ($headers as $key => $value) {
header("$key: $value");
} */
}方案二:
不修改nginx配置,只修改app\common\http\middleware\LikeAdminAllowMiddleware.php
php
//$domain = preg_replace('/^https?:\/\/|\/$/', '', $request->domain());
if (!empty($origin)) {
$domain = preg_replace('/^https?:\/\/|\/$/', '', $origin);
} else {
$domain = preg_replace('/^https?:\/\/|\/$/', '', $request->domain());
}'Access-Control-Allow-Origin' => '*';建议根据domain动态查询租户别名,不要使用*