CORS

Question

CORS

riscie opened this issue 10 years ago · comments

Matthias Langhard commented 10 years ago

Hi there! Great Project!

I have a question regarding how to disable the blocking of CORS requests.
I know that I can do someting like this which helps for all GET requests:
php header("Access-Control-Allow-Origin: *");
But I think there is a better option to do so which also includes POST requests?

Thank you in advance for any advice!

Matthias Langhard · Answer 1 · Wed Oct 29 2014 15:57:12 GMT+0800 (China Standard Time)

So this helped me:

    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }

    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS, DELETE");         

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers:        {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

        exit(0);
    }

(Source: http://stackoverflow.com/questions/18382740/cors-not-working-php)
That this will now accept requests from diffrent sources. I needed this in a project created with yeoman where the yeoman generator utilized two diffrent webservers. (One for the app and one for the api).

Maybe this helps someone else. (It's a non-issue. Sorry if posting here was wrong...)

Alix Axel · Answer 2 · Tue Nov 11 2014 07:21:39 GMT+0800 (China Standard Time)

Thanks for the suggestion and the solution @riscie, I will consider making this the default behavior.