ionic2/angular2 不能访问laravel5.3 创建的api

laravel 5.3 api已经配置完成了

    //category.service.ts
    private headers = new Headers({'Content-Type': 'application/json','Accept':'application/json','Authorization':'Bearer '+window.localStorage.getItem('token')});

    private heroesUrl = 'http://xingao.5188cms.com/api/user';  // URL to web api

    private handleError(error: any): Promise<any> {
      console.error('An error occurred', error); // for demo purposes only
      return Promise.reject(error.message || error);
    }

这样去访问，提示XMLHttpRequest cannot load http://xingao.5188cms.com/api/user. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access.,看样子是跨域的问题，可是我用postman是可以成功获取到数据的

第二步

我把链接换成了一个http://xingao.5188cms.com/test.php

//test.php
<?php 
header("Access-Control-Allow-Origin: *");
$arr=['1','2'];

echo json_encode($arr);
?>

还是不行XMLHttpRequest cannot load http://xingao.5188cms.com/test.php. Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

第三步

我把链接换成了一个/test.json，却可以的

那到底是什么原因。。。。

回复内容：

laravel 5.3 api已经配置完成了

    //category.service.ts
    private headers = new Headers({'Content-Type': 'application/json','Accept':'application/json','Authorization':'Bearer '+window.localStorage.getItem('token')});

    private heroesUrl = 'http://xingao.5188cms.com/api/user';  // URL to web api

    private handleError(error: any): Promise<any> {
      console.error('An error occurred', error); // for demo purposes only
      return Promise.reject(error.message || error);
    }

这样去访问，提示XMLHttpRequest cannot load http://xingao.5188cms.com/api/user. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access.,看样子是跨域的问题，可是我用postman是可以成功获取到数据的

第二步

我把链接换成了一个http://xingao.5188cms.com/test.php

//test.php
<?php 
header("Access-Control-Allow-Origin: *");
$arr=['1','2'];

echo json_encode($arr);
?>

还是不行XMLHttpRequest cannot load http://xingao.5188cms.com/test.php. Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.

第三步

我把链接换成了一个/test.json，却可以的

那到底是什么原因。。。。

Access-Control-Allow-Origin
跨域的问题
这是浏览器的限制