ozee31
OPTION method seem not working propery with CakePHP 4.1.5
Hi, sorry for boring you but i'm stuck in the problem to make work the plugin with Cakephp 4.1.5.
I try to expose the configuration.
I'm creating an Angular App that work on a domani http://localhost:4200; the REST API server (cakephp) is working at http://work.local/.../api/.
I'm sure the two apps are working because if i put in bootstrap.php the headers below all the calls works fine:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: *');
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
exit(0);
}
I try configuring the plugin and using it with the default configuration BUT still now works if the call has preflight OPTION request.
The error is :
Access to XMLHttpRequest at 'http://work.local/.../api/v1/cms-orders.json' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I'm confused.
After a day of searches and work I had manage a possible solution for me: the problem is that in the middleware of the plugin at the if OPTIONS it don't return any status code 200 (OK) and message.
I try to write a middleware by my own and with the same function but with: ->withStatus(200,'Some text here'); the preflight request is manage correctly and all is working.
I don't understand if it is a good solution or only a workaround; I ask your opinion about this.
After a day of searches and work I had manage a possible solution for me: the problem is that in the middleware of the plugin at the if OPTIONS it don't return any status code 200 (OK) and message.
I try to write a middleware by my own and with the same function but with:
->withStatus(200,'Some text here');the preflight request is manage correctly and all is working.I don't understand if it is a good solution or only a workaround; I ask your opinion about this.
If I try that I still recieve a 302 Found status code, which will result in a 'Redirect is not allowed for a preflight request', see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed
For me only the solution with adding this to bootstrap.php is working:
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
header('Access-Control-Allow-Origin: ');
header('Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: authorization');
header('Access-Control-Expose-Headers: authorization');
exit(0);
}
But I also don't know if that is a good solution. I also don't know if this a problem of cakephp-cors or has to do with Crud Plugin and Crud.Api Listener or cake4 itself.
I had a very similar issue with a vuejs frontend and CakePHP 4.2.4
In my case I tried to access http://localhost:8083/sangavue/api/users/login.json via axios and I got the same error.
In CorsMiddleware.php at line 19 there is a call for $response = $handler->handle($request);
As I use restful routing I do not have templates/Users/json/login.php file. The line above created an exception for OPTIONS calls, and that is why the axios call is failed.
Creating an empty templates/Users/json/login.php file solved my problem.
#32 works for mee, too. Since nothing happens there since July 2021 I copied the patch @rabp99 offered there, regarding the change requests from @LukeC8 and put it into a new PR: #33
I just had the issue I was trying to send an "Authorization: Token
#33 works you can pull it in with composer from git-hub
{
// composer.json
... snippage
"repositories": [
{
"type": "vcs",
"url": "https://github.com/cniklas/cakephp-cors"
}
],
"require": {
"ozee31/cakephp-cors": "dev-master",
},
// ... snippage
}
composer update
