Multiple Access-Control-Allow-Origin Headers

Question

Multiple Access-Control-Allow-Origin Headers

m-schreiber opened this issue 6 years ago · comments

Hi There,
just hit a Problem - would be nice if you could implement it.

Multiple "Access-Control-Allow-Origin"-Headers are not allowed:
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMultipleAllowOriginNotAllowed

Instead of

foreach($allowedOrigin as $allowed_origin) { // to support multiple origins
	header("Access-Control-Allow-Origin: $allowed_origin");
}

do

header("Access-Control-Allow-Origin: ".implode(", ",$allowed_origin);

Jacob Wright · Answer 1 · Wed Oct 17 2018 11:24:36 GMT+0800 (China Standard Time)

Let me know if #116 works for you.

m-schreiber · Answer 2 · Mon Oct 22 2018 16:58:28 GMT+0800 (China Standard Time)

yes - this should work for me - will get back if i integrate a new version of your rest-server into my project - but my workaround looks and works the same:

$server = new \Jacwright\RestServer\RestServer($config["mode"]);
$server->useCors = false;
$server->allowedOrigin = $config["allowedOrigin"];

$server->addClass(...);

header("Access-Control-Allow-Origin: ".implode(", ",$config["allowedOrigin"]));
header('Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS');
header('Access-Control-Allow-Credential: true');
header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, Authorization');
if ($server->getMethod() == 'OPTIONS')
{
    //Exit because of Bug in RestServer that makes it crash when not using cors
    exit;
}

$server->handle();