Why does yii2 cancel request and fire handleFatalError on CORS?

D

Dmytro Karpovych2014-11-21 21:57:15

Yii

Dmytro Karpovych, 2014-11-21 21:57:15

I am developing a service in Yii2 and AngularJS. Set up CORS.
.htaccess:

RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
<IfModule mod_headers.c>
   Header set Access-Control-Allow-Origin "*"
   Header set Access-Control-Allow-Credentials true
   Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD"
   Header set Access-Control-Allow-Headers "Authorization, Content-Type, Response-Type, If-Modified-Since"
   Header set Access-Control-Expose-Headers "Content-disposition, X-Pagination-Current-Page, X-Pagination-Page-Count, X-Pagination-Per-Page, X-Pagination-Total-Count, Link"
</IfModule>

Most requests work correctly, but when I use Http cache and return a 304 code,
I get an error:
No 'Access-Control-Allow-Origin' header is present on the requested resource .. The
request is canceled accordingly.
And one more feature (seen through x-debug):
After the completion of the script execution, ErrorHandler::handleFatalError() is launched
Server:
PHP 5.4
Xdebug v2.2.5
PS: everything is fine via the REST client. Help me please

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

M

Mikhail Osher, 2014-11-21
@miraage

You cannot use AllowOrigin * in conjunction with AllowCredentials .
Either AllowOrigin * and no AllowCredentials , or AllowOrigin domain1 domain2 domainN along with AllowCredentials .

_

_ _, 2014-11-22
@AMar4enko

Mistake
has nothing to do with Yii, judging by your setup.
I'm not strong in Apache, but in my opinion mod_headers adds these headers of yours only in case of 200 response status, in any case, the documentation says this:
Try writing:
Header always set Access-Control-Allow-Origin "*"