Last active
November 7, 2023 15:43
-
-
Save yashuarc/10080747 to your computer and use it in GitHub Desktop.
Enabling CORS on CakePHP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public function beforeFilter() { | |
| parent::beforeFilter(); | |
| $this->response->header('Access-Control-Allow-Origin','*'); | |
| $this->response->header('Access-Control-Allow-Methods','*'); | |
| $this->response->header('Access-Control-Allow-Headers','X-Requested-With'); | |
| $this->response->header('Access-Control-Allow-Headers','Content-Type, x-xsrf-token'); | |
| $this->response->header('Access-Control-Max-Age','172800'); | |
| } |
Hi all,
I have finally found a more structure way in CakePHP 4.x to manage CORS.
I have created a middleware, inspired by the https://github.com/ozee31/cakephp-cors that finally manage correctly the OPTIONS preflying call.
if (strtoupper($request->getMethod()) === 'OPTIONS') {
$response = $response
->withHeader('Access-Control-Expose-Headers', $this->_exposeHeaders())
->withHeader('Access-Control-Allow-Headers', $this->_allowHeaders($request))
->withHeader('Access-Control-Allow-Methods', $this->_allowMethods())
->withStatus(200,__('You shall pass!!'));
}
With the last row ->withStatus(200,'some text here'); it works correctly.
I hope this give an help to someone.
I want to allow 2 domains and a subdomain. How can I do this? Allowing all the websites/subdomains are not good solution. Any suggestion. Thanks.
The middleware
class CorsMiddleware implements MiddlewareInterface
{
/**
* @inheritDoc
*/
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
// Calling $handler->handle() delegates control to the *next* middleware
// In your application's queue.
$response = $handler->handle($request);
if ($response instanceof Response) {
if ($request instanceof ServerRequest) {
$response = $response
->cors($request)
->allowOrigin(['*'])
->allowMethods(['*'])
->allowHeaders(['*'])
->allowCredentials()
->build()
->withStatus(200, __('You shall pass!!'));
}
}
return $response;
}
}
And in Application.php
->add(new CorsMiddleware()) // Add this line here
// Add routing middleware.
// If you have a large number of routes connected, turning on routes
// caching in production could improve performance.
// See https://github.com/CakeDC/cakephp-cached-routing
->add(new RoutingMiddleware($this))
// Parse various types of encoded request bodies so that they are
// available as array through $request->getData()
// https://book.cakephp.org/4/en/controllers/middleware.html#body-parser-middleware
->add(new BodyParserMiddleware())
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi all,
there is any definitive solution at the question? Add there rows to bootstrap.php isn't correct and generate problems with command line tool.
I have find a plugin for CakePHP
https://github.com/ozee31/cakephp-corsbut with cakephp 4.1.5 seem not working properly and POST, PUT, DELETE method can't be call cause by OPTIONS 404 error.Seem that they take care of it in cakephp doc but marginally and not with conviction to make it risolutive:
https://book.cakephp.org/4/en/controllers/request-response.html#setting-cross-origin-request-headers-cors.Any one has try and success implement the method in doc?