Answer the question
In order to leave comments, you need to log in
C
C
coderisimo2019-11-29 14:08:38
coderisimo, 2019-11-29 14:08:38
How to defeat the nasty CORS in Yii?
I am writing a REST application. There is a test controller. AJAX calls to default URLs like 127.0.0.1:8000/tests work fine. I'm trying to add a custom URL. In the controller I create the corresponding action :
public function actionYo()
{ return ['result' => 'YO! Pipol!!!! ']; }in routes add
[
'class' => 'yii\rest\UrlRule',
'controller' => 'test',
'extraPatterns' => [
'GET yo' => 'yo', // 'xxxxx' refers to 'actionXxxxx'
//пробовал танцевать с бубном вот так - без толку
// 'OPTIONS yo' => 'yo', // 'xxxxx' refers to 'actionXxxxx'
],
],everything works in postman but not in the browser. Beloved to tears CORS on guard of security!
If I also use // 'OPTIONS yo' => 'yo', // 'xxxxx' refers to 'actionXxxxx' - I get 401 Unauthorized
unless 'GET yo' => 'yo', // 'xxxxx' refers to 'actionXxxxx' , then 404 Not Found
As far as I understand, Yii OPTIONS requests, in general, should resolve on their own.
Default urls work fine. Cors looks like this (it lies in the BaseController from which I inherit):
$behaviors['corsFilter'] = [
'class' => \yii\filters\Cors::className(),
'cors' => [ // restrict access to domains:
'Origin' => [
'http://localhost:8080',
],
'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
'Access-Control-Allow-Credentials' => true,
'Access-Control-Request-Headers' => ['*'],
'Access-Control-Max-Age' => 3600 * 5,
],
];Forces and NEVRA are running out. The application itself did not start, because I am at war with this .... mm .. m ... b .... a bad thing.
Thank you!
UPD Decadal 's answer prompted the decision . His version is working, but writing routes for each non-standard action is ... too lazy! )))
As you know, Yii has an ActiveController from which we inherit when we write our REST controllers. It already defines actions for standard REST routes. There is also an action for OPTIONS. This way we can add a route rule that will send all OPTIONS requests to this action. No need to write crutches for every custom action we need. This is done with two lines:
[
'class' => 'yii\rest\UrlRule',
'controller' => ['test', 'best'], // строчка ОДЫН - здесь все контроллеры, для которых это должно работать
'extraPatterns' => [
//строчка ДЫВА - эта штука будет отправлять все на экшн options, он уже есть в родительском ActiveController
'OPTIONS <action:\w+>' => 'options'
],
], 2 answer(s)
@coderisimo
if you don't set it up yourself, it won't resolve anything.
It is necessary that any request goes to the route of the same controller which 1) does not require authorization 2) returns all the necessary headers. I did not manage to set it up universally using yii2 routing, I had to hardcode different levels of routes and redirect them to a single method.
D
Decadal, 2019-11-29 @coderisimo
As far as I understand, Yii OPTIONS queries, in general, should resolve on their own.
if you don't set it up yourself, it won't resolve anything.
It is necessary that any request goes to the route of the same controller which 1) does not require authorization 2) returns all the necessary headers. I did not manage to set it up universally using yii2 routing, I had to hardcode different levels of routes and redirect them to a single method.
Similar questions
A
E
A
S
M
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question