Access-Control-Allow-Origin: * does not work for all my domains

3

I have four applications that use the same API, and Access-Control-Allow-Origin: * does not work for all of them. The only application that does not work is the one where I'm using Zend Framework 2 and Symfony; I do not know if that could have anything to do with it.

Suppose http://cloud.localhost.com.br is the URL of the application that does not work with *

When I switch to Access-Control-Allow-Origin: http://cloud.localhost.com.br, for example, it works normally. That is, since it works with the URL, I suppose there is some problem with Access-Control-Allow-Origin: *.

API Configuration:

return array(
    'zfr_cors' => array(
        // LOCAL
        //'allowed_origins' => array('http://cloud.localhost.com.br'),

        'allowed_origins' => array('*'),

        /**
         * Set the list of HTTP verbs.
         */
        'allowed_methods' => array('GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'),

        /**
         * Set the list of headers. This is returned in the preflight request to indicate
         * which HTTP headers can be used when making the actual request
         */
        'allowed_headers' => array('Authorization', 'Accept', 'Content-Type'),

        /**
         * Set the max age of the preflight request in seconds. A non-zero max age means
         * that the preflight will be cached during this amount of time
         */
        // 'max_age' => 120,

        /**
         * Set the list of exposed headers. This is a whitelist that authorize the browser
         * to access to some headers using the getResponseHeader() JavaScript method. Please
         * note that this feature is buggy and some browsers do not implement it correctly
         */
        // 'exposed_headers' => array(),

        /**
         * Standard CORS requests do not send or set any cookies by default. For this to work,
         * the client must set the XMLHttpRequest's "withCredentials" property to "true". For
         * this to work, you must set this option to true so that the server can serve
         * the proper response header.
         */
        'allowed_credentials' => true,
    ),
);

Google Chrome console using Access-Control-Allow-Origin:http://cloud.localhost.com.br :

Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:80
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Authorization, Accept, Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin:http://cloud.localhost.com.br
Access-Control-Max-Age:0
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Thu, 11 Feb 2016 14:32:49 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:49 GMT; Max-Age=3600; path=/
X-Powered-By:PHP/5.6.16
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36

and sends POST after:

Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:POST
Status Code:201 Created
Remote Address:127.0.0.1:80
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://cloud.localhost.com.br
Access-Control-Expose-Headers:
Connection:Keep-Alive
Content-Length:179
Content-Type:application/hal+json
Date:Thu, 11 Feb 2016 14:32:50 GMT
Keep-Alive:timeout=5, max=100
Location:http://apps-api.localhost/v1/contato
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:50 GMT; Max-Age=3600; path=/
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:58 GMT; Max-Age=3600; path=/
Vary:Origin
X-Powered-By:PHP/5.6.16
Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Content-Length:109
Content-Type:application/json;charset=UTF-8
Cookie:XDEBUG_SESSION=netbeans-xdebug
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36

And when I change to Access-Control-Allow-Origin: * :

Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:80
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Authorization, Accept, Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin:*
Access-Control-Max-Age:0
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Thu, 11 Feb 2016 14:33:32 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:33:32 GMT; Max-Age=3600; path=/
X-Powered-By:PHP/5.6.16
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36

The POST is NOT sent.

    
asked by anonymous 11.02.2016 / 16:13
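
Added example, not part of the original question or answer: the Fetch standard's "CORS check" written as a small JavaScript function and applied to the two preflight responses captured above. That the failing application sends its requests with credentials (XMLHttpRequest withCredentials = true) is an assumption, suggested by the Cookie header on the POST; corsCheck and evaluateQuestionCases are names chosen for this example.

```javascript
// Added example: the browser-side CORS check from the Fetch standard.
// credentialsMode "include" is what XMLHttpRequest withCredentials = true produces.
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = value.trim();
  }
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { ok: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  // "*" is honoured only when the request carries no credentials.
  if (credentialsMode !== 'include' && allowOrigin === '*') {
    return { ok: true, reason: 'wildcard accepted without credentials' };
  }
  // Otherwise the value must equal the request origin exactly; "*" never does.
  if (allowOrigin !== requestOrigin) {
    return { ok: false, reason: `"${allowOrigin}" does not match ${requestOrigin}` };
  }
  if (credentialsMode !== 'include') {
    return { ok: true, reason: 'origin matched' };
  }
  // Credentialed requests also need Access-Control-Allow-Credentials: true.
  if (h['access-control-allow-credentials'] === 'true') {
    return { ok: true, reason: 'origin matched, credentials allowed' };
  }
  return { ok: false, reason: 'credentials not allowed by the response' };
}

// Relevant headers of the two preflight responses shown in the question.
const ORIGIN = 'http://cloud.localhost.com.br';
const preflightExplicit = {
  'Access-Control-Allow-Origin': 'http://cloud.localhost.com.br',
  'Access-Control-Allow-Credentials': 'true',
};
const preflightWildcard = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Credentials': 'true',
};

function evaluateQuestionCases() {
  return {
    explicitWithCredentials: corsCheck(ORIGIN, 'include', preflightExplicit).ok,
    wildcardWithCredentials: corsCheck(ORIGIN, 'include', preflightWildcard).ok,
    wildcardWithoutCredentials: corsCheck(ORIGIN, 'same-origin', preflightWildcard).ok,
  };
}

console.log(evaluateQuestionCases());
```

In credentialed mode the wildcard preflight fails this check, so the browser never sends the POST, while a client that does not send credentials passes with the same response. An API that has to serve several credentialed front ends should return the request's Origin only after matching it against a fixed allowlist, together with Vary: Origin, rather than combining * with Access-Control-Allow-Credentials: true.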

1 answer

-2

I do not know while using the Framework, but try to click link

This happened to me because of the way my Framework works, do not forget to turn it on and off at the beginning and after you finish using it.

    
12.02.2016 / 11:18