Slim PHP Problem with CORS

1

I'm trying to make a request on the server, but I'm having a problem with configuring CORS , api was developed with the Slim Php framework and I'm using middleware #, I left the middleware settings as default by adding ignoreloadingbar because of an angular component bug, I do not know if I configured the side-server correctly %:

Request:

Host: zooflora
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pt-BR,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,ignoreloadingbar
Origin: http://localhost:4200
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response:

HTTP/1.1 200 OK
Date: Tue, 24 Jul 2018 15:41:43 GMT
Server: Apache/2.4.33 (Win32) OpenSSL/1.1.0h PHP/7.2.5
X-Powered-By: PHP/7.2.5
Set-Cookie: PHPSESSID=p04ghhja7tp7jisk9fknrr1p9j; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: http://localhost:4200
Vary: Origin
Access-Control-Allow-Headers: origin, content-type, authorization,
accept, ignoreloadingbar, x-requested-with,multipart/form-data
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Although it contains status 200 Ok I get the message:

  

Http failure response for (unknown url): 0 Unknown Error

and Google Chrome:

  

Response to preflight request does not pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values' link , * ', but only one is allowed. Origin ' link ' is therefore not allowed access.

Application: link
Api: link

In Google chrome when I add the line: Header set Access-Control-Allow-Origin "*" no .htaccess I can make requests normally, but it does not work in firefox , I use addons in mozilla to Disable CORS this way everything works correctly, but I need to know how to set it up correctly.

You can see here: link (just click on access and look at the console)

    
asked by anonymous 24.07.2018 / 18:09

1 answer

2

After 3 days I was able to resolve and configure correctly:

no .htaccess this line is still required to work in Google Chrome, Mozilla makes no difference, I believe it ignores:

Header set Access-Control-Allow-Origin "*"

and the setting in Middleware looks like this:

$app->add(new Tuupola\Middleware\CorsMiddleware([
    "origin" => ["http://dominio.com.br"],
    "methods" => ["GET", "POST", "PATCH", "DELETE", "OPTIONS"],    
    "headers.allow" => ["Origin", "Content-Type", "Authorization", "Accept", "ignoreLoadingBar", "X-Requested-With", "Access-Control-Allow-Origin"],
    "headers.expose" => [],
    "credentials" => true,
    "cache" => 0,        
]));

I just needed to add the OPTIONS method and remove some invalid HEADRERS ALLOWS . now everything is working properly.

I was able to better understand my problem by reading this doc Cross-Origin Resource Sharing

/ a>

    
25.07.2018 / 16:37