![]() You may wonder why Allow-Methods may not appear to be working when you test ( you will test… right?!), this got me as well, and I found the answer: >withHeader('Access-Control-Allow-Methods', $this->getAllowedMethodsString($cors, $origin)) >withHeader('Access-Control-Allow-Origin', $this->getOriginHeader($cors, $origin)) Private function getResponse($response, $origin, $cors) ![]() * \Psr\Http\Message\ResponseInterface $response PSR7 Response Private function getOriginHeader($cors, $origin) Private function getAllowedMethodsString($cors, $origin) * string comma delimited string of methods * Gets allow method string of comma separated http verbs Return $this->getResponse($response, $origin, $this->cors) $origin = isset($_SERVER) ? $_SERVER : 'none' Public function run($request, $response, $next) * \Psr\Http\Message\ResponseInterface $response PSR7 response * \Psr\Http\Message\ServerRequestInterface $request PSR7 request In other words make sure to TEST TEST TEST it as I’m not using this exact implementation.ĬorsMiddleware.php list I moved all the settings into the same file. This is a slightly modified version of what I’m using since I’m using Slim’s DI Container. I also prefer having this ability in php instead of an. I wrote a Slim middleware, (which can be installed via composer) since I needed the ability to allow my API to be accessed by multiple domains and restrict what methods I allow. It seems to either be an all or very restrictive approach, which then most dev’s will opt for the very easy wildcard ‘*’ approach. Or have a wildcard which doesn’t make sense to me. Header add Access-Control-Allow-Origin %e env=AccessControlAllowOrigin SetEnvIf Origin "^http(s)?:\/\/(AccessControlAllowOrigin=$0 htaccess/apache rule: credit which may or may not work for you if you don’t have access to apache modules. Unfortunately you cannot specify multiple domains.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |