How to allow CORS request for API?

D

Dos2019-11-15 03:40:52

symfony

Dos, 2019-11-15 03:40:52

Hey! For some reason it is not possible to send a put request to the server. This error comes out:

OPTIONS 127.0.0.1:8000/api/events/1960aaeb-5c81-471a-bd3d-... 405 (Method Not Allowed)
Access to XMLHttpRequest at ' 127.0.0.1:8000/api/events/1960aaeb-5c81-471a-bd3d -... ' from origin ' localhost:3000 ' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

in index.php I placed the following code:

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,HEAD,OPTIONS");
header("Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization");
header("Access-Control-Allow-Headers: *");

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    header("Access-Control-Allow-Origin: *");
    header("Access-Control-Allow-Credentials: true");
    header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,HEAD,OPTIONS");
    header("Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization");
    header("Content-Type: text/plain charset=UTF-8");
    header("Content-Length: 0");
}

but it doesn't help... What could be the problem? And how to properly resolve the error with cors?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

I

Igor, 2019-11-16
@pro-dev

Use Nginx, drop Apache

server {
    listen                          80;

    client_max_body_size            208M;
    access_log                      /var/log/nginx/secure.access.log;
    error_log                       /var/log/nginx/secure.error.log error;

    root                            /www/public;

    add_header				        "Access-Control-Allow-Origin" "*";
    add_header				        "Access-Control-Allow-Headers" "Origin, X-Requested-With, Content-Type, Accept, Authorization";
    add_header				        "Access-Control-Request-Methods" "GET, POST, OPTIONS";

    location / {
        try_files                   $uri $uri/ /secure.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_split_path_info     ^(.+\.php)(/.+)$;
        fastcgi_pass                app:9000;
        fastcgi_index               secure.php;
        include                     fastcgi_params;
        fastcgi_param               SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param               PATH_INFO $fastcgi_path_info;
    }
}

E

Eugene, 2020-05-21
@Yauheni85

You can create 2 EventSubscribers
Per request:

// ...
class RequestSubscriber implements EventSubscriberInterface {

  public function onRequestEvent(RequestEvent $event) {
    if($event->getRequest()->getMethod() === 'OPTIONS') {
      $response = new Response(null);
      $event->setResponse($response);
    } 
  }

  public static function getSubscribedEvents() {
    return [RequestEvent::class => ['onRequestEvent', 5000]];
  }

}

And in response:

// ...
class ResponseSubscriber implements EventSubscriberInterface {

  public function onResponseEvent(ResponseEvent $event) {
    $headers = $event->getResponse()->headers;
    $headers->set('Access-Control-Allow-Origin', '*');
    if($event->getRequest()->getMethod() === 'OPTIONS') {
      $headers->set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS');
      $headers->set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept');
      $headers->set('Access-Control-Allow-Credentials', 'true');
      $headers->set('Access-Control-Max-Age', '1728000');
      $headers->set('Cache-Control', 'no-cache, must-revalidate');
    }
  }

  public static function getSubscribedEvents() {
    return [ResponseEvent::class => 'onResponseEvent'];
  }

}