headers->set('Access-Control-Allow-Origin', '*'); $response->headers->set('Access-Control-Allow-Credentials', 'true'); $response->headers->set('Access-Control-Max-Age', 1800); $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With, User-Language'); // 如果是预检请求, 返回 204 if ($request->isMethod('OPTIONS')) { return response()->json([], 204, $response->headers->all()); } return $response; } }