I have four applications that use the same API, and Access-Control-Allow-Origin: * does not work for all of them. The only application that does not work is the one where I'm using Zend Framework 2 and Symfony; I do not know if that could have anything to do with it.
Suppose http://cloud.localhost.com.br is the URL of the application that does not work with *.
When switching to Access-Control-Allow-Origin: http://cloud.localhost.com.br, for example, it works normally. That is, if it works with the URL, I suppose there is some problem with Access-Control-Allow-Origin: *.
API Configuration:
    return array(
        'zfr_cors' => array(
            // LOCAL
            //'allowed_origins' => array('http://cloud.localhost.com.br'),
            'allowed_origins' => array('*'),

            /**
             * Set the list of HTTP verbs.
             */
            'allowed_methods' => array('GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'),

            /**
             * Set the list of headers. This is returned in the preflight request to indicate
             * which HTTP headers can be used when making the actual request
             */
            'allowed_headers' => array('Authorization', 'Accept', 'Content-Type'),

            /**
             * Set the max age of the preflight request in seconds. A non-zero max age means
             * that the preflight will be cached during this amount of time
             */
            // 'max_age' => 120,

            /**
             * Set the list of exposed headers. This is a whitelist that authorize the browser
             * to access to some headers using the getResponseHeader() JavaScript method. Please
             * note that this feature is buggy and some browsers do not implement it correctly
             */
            // 'exposed_headers' => array(),

            /**
             * Standard CORS requests do not send or set any cookies by default. For this to work,
             * the client must set the XMLHttpRequest's "withCredentials" property to "true". For
             * this to work, you must set this option to true so that the server can serve
             * the proper response header.
             */
            'allowed_credentials' => true,
        ),
    );
Google Chrome console using Access-Control-Allow-Origin: http://cloud.localhost.com.br:
Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:80
Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Authorization, Accept, Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin:http://cloud.localhost.com.br
Access-Control-Max-Age:0
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Thu, 11 Feb 2016 14:32:49 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:49 GMT; Max-Age=3600; path=/
X-Powered-By:PHP/5.6.16
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36
and it sends the POST afterwards:
Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:POST
Status Code:201 Created
Remote Address:127.0.0.1:80
Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://cloud.localhost.com.br
Access-Control-Expose-Headers:
Connection:Keep-Alive
Content-Length:179
Content-Type:application/hal+json
Date:Thu, 11 Feb 2016 14:32:50 GMT
Keep-Alive:timeout=5, max=100
Location:http://apps-api.localhost/v1/contato
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:50 GMT; Max-Age=3600; path=/
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:58 GMT; Max-Age=3600; path=/
Vary:Origin
X-Powered-By:PHP/5.6.16
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Content-Length:109
Content-Type:application/json;charset=UTF-8
Cookie:XDEBUG_SESSION=netbeans-xdebug
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36
And when I change to Access-Control-Allow-Origin: *:
Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:80
Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Authorization, Accept, Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin:*
Access-Control-Max-Age:0
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Thu, 11 Feb 2016 14:33:32 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:33:32 GMT; Max-Age=3600; path=/
X-Powered-By:PHP/5.6.16
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36
It does NOT send the POST.
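
An added example, not part of the original question and not zfr-cors code: a simplified model of the check a browser applies to a preflight response, run against the Access-Control-* headers from the two OPTIONS captures above. It assumes the failing client sends its request with withCredentials set to true, which the captures do not show directly; the names preflightVerdict, REQUEST, PREFLIGHT_EXPLICIT and PREFLIGHT_WILDCARD are made up for this sketch.

```javascript
// Constructed from the two preflight (OPTIONS) responses captured in the question.
const COMMON = `Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Authorization, Accept, Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, PATCH`;
const PREFLIGHT_EXPLICIT = COMMON + "\nAccess-Control-Allow-Origin:http://cloud.localhost.com.br";
const PREFLIGHT_WILDCARD = COMMON + "\nAccess-Control-Allow-Origin:*";

// The actual request, as announced by Access-Control-Request-* in the capture.
// `credentials: true` models withCredentials = true (an assumption about the client).
const REQUEST = { origin: "http://cloud.localhost.com.br", method: "POST",
                  headers: ["accept", "content-type"], credentials: true };

function parseHeaders(block) {
  const map = new Map();
  for (const line of block.split("\n")) {
    const i = line.indexOf(":");
    if (i > 0) map.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
  }
  return map;
}

const list = (v) => (v || "").split(",").map((s) => s.trim()).filter(Boolean);

// Simplified model of the browser's decision after a preflight response.
function preflightVerdict(req, responseBlock) {
  const h = parseHeaders(responseBlock);
  const acao = h.get("access-control-allow-origin");
  if (acao === undefined) return "blocked: no Access-Control-Allow-Origin";
  if (acao === "*" && req.credentials) return "blocked: wildcard origin on credentialed request";
  if (acao !== "*" && acao !== req.origin) return "blocked: origin mismatch";
  if (req.credentials && h.get("access-control-allow-credentials") !== "true")
    return "blocked: Access-Control-Allow-Credentials is not true";
  // "*" in the method/header lists is a wildcard only for non-credentialed requests.
  const wild = (items) => !req.credentials && items.includes("*");
  const methods = list(h.get("access-control-allow-methods"));
  const safelisted = ["GET", "HEAD", "POST"].includes(req.method);
  if (!safelisted && !methods.includes(req.method) && !wild(methods))
    return "blocked: method not allowed";
  const allowed = list(h.get("access-control-allow-headers")).map((s) => s.toLowerCase());
  const missing = req.headers.filter((n) => !allowed.includes(n.toLowerCase()));
  if (missing.length && !wild(allowed)) return "blocked: header not allowed: " + missing.join(", ");
  return "allowed";
}

console.log(preflightVerdict(REQUEST, PREFLIGHT_EXPLICIT));
console.log(preflightVerdict(REQUEST, PREFLIGHT_WILDCARD));
console.log(preflightVerdict({ ...REQUEST, credentials: false }, PREFLIGHT_WILDCARD));
```

Under that assumption the explicit-origin preflight passes and the wildcard one is rejected before the POST is issued, while the same wildcard response is accepted for a request made without credentials.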