Home No-Access-Control-Allow-Origin
Reply: 1

No-Access-Control-Allow-Origin

Kyle
1#
Kyle Published in 2018-01-12 15:50:31Z

I am getting this error when making a post request:

XMLHttpRequest cannot load http://api.dev/v1/call-rates/base/search. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:63342' is therefore not allowed access. The response had HTTP status code 404.

However a get request to the same endpoint works fine, e.g the following GET request returns data.

`http://api.dev/v1/call-rates/base`

Cors:

 public function behaviors()
{
    $behaviors = parent::behaviors();
    // remove authentication filter
    unset($behaviors['authenticator']);
    // add CORS filter
    $behaviors['corsFilter'] = [
        'class' => Cors::className(),
        'cors'  => [
            // restrict access to domains:
            'Origin' => ['*'],
            'Access-Control-Allow-Methods' => ['POST', 'PUT', 'OPTIONS', 'PATCH', 'GET', 'HEAD'],
            // Allow only POST and PUT methods
            'Access-Control-Request-Headers' => ['Authorization', 'Access-Control-Allow-Headers', 'Content-Type', 'Access-Control-Allow-Methods', 'Origin'],
            // Allow the X-Pagination-Current-Page header to be exposed to the browser.
            'Access-Control-Expose-Headers' => ['X-Pagination-Page-Count','X-Pagination-Total-Count', 'Origin'],

        ],
    ];
    // re-add authentication filter
    $behaviors['authenticator'] = [
        'class' => HttpBearerAuth::className(),
    ];
    // avoid authentication on CORS-pre-flight requests (HTTP OPTIONS method)
    $behaviors['authenticator']['except'] = ['options'];
    $behaviors['contentNegotiator'] = [
        'class' => ContentNegotiator::className(),
        'formats' => [
            'application/json' => Response::FORMAT_JSON,
        ],
    ];
    return $behaviors;
}

Any help would be massively appreciated, I am well and truly stuck.

Mario César Rosales
2#
Mario César Rosales Reply to 2018-01-12 16:18:50Z

I think your api call http://api.dev/v1/call-rates/base/search is typically associated with a GET request, not a POST, however, in your web.php you could try something like this

    'urlManager'=>[
        'class'=> 'yii\web\UrlManager',
        'showScriptName'=>false,
        'enablePrettyUrl'=>true,
        'rules' => [
            ['class' => 'yii\rest\UrlRule',
                'controller' => 'your-controller',
                'extraPatterns' => [
                    'POST your action' => 'your-action'
                ],
            ],
            ['class' => 'yii\rest\UrlRule',
                'controller' => 'rest',

            ],
        ],
    ],
You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.31776 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO