admin_consumer/config/autoload/cors.php

<?php
return [
    'paths' => ['api/*', 'chat/stream'], // 允许访问的路径
    'allowed_methods' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
    'allowed_origins' => ['http://localhost:3000', 'http://192.168.1.100:3000'], // 替换为你的前端地址
    'allowed_headers' => ['Content-Type', 'Authorization'], // 允许的请求头
    'exposed_headers' => [], // 暴露给前端的响应头
    'max_age' => 0, // 预检请求的结果可以被缓存的时间
    'supports_credentials' => false, // 是否支持凭证
];