Skip to content

Instantly share code, notes, and snippets.

@zspine zspine/.env
Created Oct 4, 2019

Embed
What would you like to do?
API Platform json_login with separate domain SPA
APP_COOKIE_DOMAIN=.example.test
CORS_ALLOW_ORIGIN=^https?://app.example.test(:[0-9]+)?$
# config/packages/framework.yaml
framework:
session:
handler_id: null
cookie_domain: '%env(APP_COOKIE_DOMAIN)%'
cookie_secure: auto
cookie_samesite: lax
# config/packages/nelmio_cors.yaml
nelmio_cors:
defaults:
allow_credentials: true #set to true
origin_regex: true
allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
allow_headers: ['Content-Type', 'Authorization', 'Access-Control-Allow-Credentials', 'X-Auth-Token']
expose_headers: ['Link']
max_age: 3600
paths:
'^/': null
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.