Why do all my requests fail with the CORS policy if the response code is not 200?

L

lexstile2021-04-04 14:59:49

PHP

lexstile, 2021-04-04 14:59:49

There is a method that I pull from the front:

public function callAccountAction() {
    sleep(1);
    
    http_response_code(403);
    // $this->sendResponse('error', ['error_code' => 1001, 'error_message' => 'Invalid request. Error code: 1001']);

    $data = $this->getStreamInput();
    
    $status = $this->ckeckSignature($_SERVER['HTTP_AUTHORIZATION']);
    
    if (!$status) {
      http_response_code(403);
    }
    
    if (empty($data->user->id)) {
      http_response_code(400);
    }

    if (!$this->model->isUserExists($data->user->id)) {
      $this->model->addUser($data->user);
      $this->sendResponse('success', ['status' => true, 'isInitial' => true]);
    }
    
    $this->sendResponse('success', ['status' => true]);
  }

I put the response code 403, it will immediately fall on CORS.
At the front, I need to know the status of the response from the server (if I set the response code 200, everything works correctly).

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

Rsa97, 2021-04-04
@lexstile

If your request is not CORS-safe, then the browser first sends an OPTIONS request, which must be answered with a 200 code and the necessary CORS headers set.