-
-
Save yashuarc/10080747 to your computer and use it in GitHub Desktop.
| public function beforeFilter() { | |
| parent::beforeFilter(); | |
| $this->response->header('Access-Control-Allow-Origin','*'); | |
| $this->response->header('Access-Control-Allow-Methods','*'); | |
| $this->response->header('Access-Control-Allow-Headers','X-Requested-With'); | |
| $this->response->header('Access-Control-Allow-Headers','Content-Type, x-xsrf-token'); | |
| $this->response->header('Access-Control-Max-Age','172800'); | |
| } |
Hi all,
I have finally found a more structure way in CakePHP 4.x to manage CORS.
I have created a middleware, inspired by the https://github.com/ozee31/cakephp-cors that finally manage correctly the OPTIONS preflying call.
if (strtoupper($request->getMethod()) === 'OPTIONS') {
$response = $response
->withHeader('Access-Control-Expose-Headers', $this->_exposeHeaders())
->withHeader('Access-Control-Allow-Headers', $this->_allowHeaders($request))
->withHeader('Access-Control-Allow-Methods', $this->_allowMethods())
->withStatus(200,__('You shall pass!!'));
}
With the last row ->withStatus(200,'some text here'); it works correctly.
I hope this give an help to someone.
I want to allow 2 domains and a subdomain. How can I do this? Allowing all the websites/subdomains are not good solution. Any suggestion. Thanks.
The middleware
class CorsMiddleware implements MiddlewareInterface
{
/**
* @inheritDoc
*/
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
// Calling $handler->handle() delegates control to the *next* middleware
// In your application's queue.
$response = $handler->handle($request);
if ($response instanceof Response) {
if ($request instanceof ServerRequest) {
$response = $response
->cors($request)
->allowOrigin(['*'])
->allowMethods(['*'])
->allowHeaders(['*'])
->allowCredentials()
->build()
->withStatus(200, __('You shall pass!!'));
}
}
return $response;
}
}
And in Application.php
->add(new CorsMiddleware()) // Add this line here
// Add routing middleware.
// If you have a large number of routes connected, turning on routes
// caching in production could improve performance.
// See https://github.com/CakeDC/cakephp-cached-routing
->add(new RoutingMiddleware($this))
// Parse various types of encoded request bodies so that they are
// available as array through $request->getData()
// https://book.cakephp.org/4/en/controllers/middleware.html#body-parser-middleware
->add(new BodyParserMiddleware())
Just in case: Inside
bootstrap.php:header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS'); header('Access-Control-Allow-Headers: *'); if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { exit(0); }
Thank you, I was struggling for a week to figure it out.
Just in case: Inside
bootstrap.php:header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS'); header('Access-Control-Allow-Headers: *'); if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { exit(0); }
Thank you so much. This works perfectly for my case
From CakePHP docs https://book.cakephp.org/4/en/controllers/request-response.html#setting-cross-origin-request-headers-cors
$this->response = $this->response->cors($this->request)
->allowOrigin(['*.cakephp.org'])
->allowMethods(['GET', 'POST'])
->allowHeaders(['X-CSRF-Token'])
->allowCredentials()
->exposeHeaders(['Link'])
->maxAge(300)
->build();
Hi all,
there is any definitive solution at the question? Add there rows to bootstrap.php isn't correct and generate problems with command line tool.
I have find a plugin for CakePHP
https://github.com/ozee31/cakephp-corsbut with cakephp 4.1.5 seem not working properly and POST, PUT, DELETE method can't be call cause by OPTIONS 404 error.Seem that they take care of it in cakephp doc but marginally and not with conviction to make it risolutive:
https://book.cakephp.org/4/en/controllers/request-response.html#setting-cross-origin-request-headers-cors.Any one has try and success implement the method in doc?