cakephp-cors
cakephp-cors copied to clipboard
ozee31
OPTION method seem not working propery with CakePHP 4.1.5
Hi, sorry for boring you but i'm stuck in the problem to make work the plugin with Cakephp 4.1.5.
I try to expose the configuration.
I'm creating an Angular App that work on a domani http://localhost:4200; the REST API server (cakephp) is working at http://work.local/.../api/.
I'm sure the two apps are working because if i put in bootstrap.php the headers below all the calls works fine:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: *');
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
exit(0);
}
I try configuring the plugin and using it with the default configuration BUT still now works if the call has preflight OPTION request.
The error is :
Access to XMLHttpRequest at 'http://work.local/.../api/v1/cms-orders.json' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I'm confused.
After a day of searches and work I had manage a possible solution for me: the problem is that in the middleware of the plugin at the if OPTIONS it don't return any status code 200 (OK) and message.
I try to write a middleware by my own and with the same function but with: ->withStatus(200,'Some text here'); the preflight request is manage correctly and all is working.
I don't understand if it is a good solution or only a workaround; I ask your opinion about this.
After a day of searches and work I had manage a possible solution for me: the problem is that in the middleware of the plugin at the if OPTIONS it don't return any status code 200 (OK) and message.
I try to write a middleware by my own and with the same function but with:
->withStatus(200,'Some text here');the preflight request is manage correctly and all is working.I don't understand if it is a good solution or only a workaround; I ask your opinion about this.
If I try that I still recieve a 302 Found status code, which will result in a 'Redirect is not allowed for a preflight request', see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed
For me only the solution with adding this to bootstrap.php is working:
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
header('Access-Control-Allow-Origin: ');
header('Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: authorization');
header('Access-Control-Expose-Headers: authorization');
exit(0);
}
But I also don't know if that is a good solution. I also don't know if this a problem of cakephp-cors or has to do with Crud Plugin and Crud.Api Listener or cake4 itself.
I had a very similar issue with a vuejs frontend and CakePHP 4.2.4
In my case I tried to access http://localhost:8083/sangavue/api/users/login.json via axios and I got the same error.
In CorsMiddleware.php at line 19 there is a call for $response = $handler->handle($request);
As I use restful routing I do not have templates/Users/json/login.php file. The line above created an exception for OPTIONS calls, and that is why the axios call is failed.
Creating an empty templates/Users/json/login.php file solved my problem.
#32 works for mee, too. Since nothing happens there since July 2021 I copied the patch @rabp99 offered there, regarding the change requests from @LukeC8 and put it into a new PR: #33
I just had the issue I was trying to send an "Authorization: Token
#33 works you can pull it in with composer from git-hub
{
// composer.json
... snippage
"repositories": [
{
"type": "vcs",
"url": "https://github.com/cniklas/cakephp-cors"
}
],
"require": {
"ozee31/cakephp-cors": "dev-master",
},
// ... snippage
}
composer update
