php - Yii2 AccessControl 用于特定网站访问的操作

Question

我的 ssl 服务器上有一个后端项目，例如 ssl.mybackend.com，包含以下内容:

class FormController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [                    
                    [
                        'actions' => ['index', 'delete', 'view', 'create'],
                        'allow' => true,
                        'roles' => ['@'], //only authorized users
                    ],
                    [
                        'actions'=> ['create-order'],
                        'allow'=>true   //change all users to "myfrontend.com"                   
                    ]
                ],
            ],

        ];
    }

我只需要向我的前端网站授予对 create-order 操作的访问权限。 我不确定是否可以使用 AccessControl，如果您能建议其他解决方案，我将不胜感激。

Answer 1

如果您想从另一个域的前端使用 ajax 调用，您应该改用 corsFilter。文档中的示例:

public function behaviors()
{
    return [
        'corsFilter' => [
            'class' => \yii\filters\Cors::className(),
            'cors' => [
                // restrict access to
                'Origin' => ['http://www.myserver.com', 'https://www.myserver.com'],
                'Access-Control-Request-Method' => ['POST', 'PUT'],
                // Allow only POST and PUT methods
                'Access-Control-Request-Headers' => ['X-Wsse'],
                // Allow only headers 'X-Wsse'
                'Access-Control-Allow-Credentials' => true,
                // Allow OPTIONS caching
                'Access-Control-Max-Age' => 3600,
                // Allow the X-Pagination-Current-Page header to be exposed to the browser.
                'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
            ],

        ],
    ];
}

Cross Origin Resource Sharing in Yii2