CORS error appears with ActiveController actions ( index,view, update, delete ) & no errors with my custom action

Mahmoudsaad · December 14, 2020, 10:36am

Hello,

if I used

https://my-server.com/branches (works fine with ‘GET’, ‘POST’, ‘UPDATE’ and ‘DELETE’ methods)

(with this configuration in urlManager [‘class’ => ‘yii\rest\UrlRule’, ‘controller’ => ‘branches’], )

if I used

https://my-server.com/branches/index (CORS error & work fine using postman)
https://my-server.com/branches/create (CORS error & work fine using postman)
https://my-server.com/branches/update (CORS error & work fine using postman)
https://my-server.com/branches/delete (CORS error & work fine using postman)

(I don’t want to add a rule to urlManager for every controller )

while if I used

https://my-server.com/branches/test (works fine)

This is my controller:

class BranchesController extends ActiveController
{
public $modelClass = Branches::class;
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors[‘authenticator’] = [‘class’ => HttpBearerAuth::class];
$auth = $behaviors[‘authenticator’];
unset($behaviors[‘authenticator’]);
$behaviors[‘corsFilter’] = [‘class’ => \yii\filters\Cors::class];
$behaviors[‘authenticator’] = $auth;
$behaviors[‘authenticator’][‘except’] = [‘options’];
return $behaviors;
}
public function actionTest()
{
return ‘any thing’;
}
{

BTW I am using vuejs as a frontend
any suggestions?

Bizley · December 14, 2020, 11:13am

I’m not sure if I understand correctly. Are you using https://my-server.com/branches/index and so on directly? With REST apps it should not be called like that, use HTTP methods only. But it’s strange that CORS filter doesn’t work in that case. I have never used it though.

Mahmoudsaad · December 14, 2020, 11:29am

@Bizley Actually, I am still on my local server. using HTTPS or HTTP has no effect on CORS policy, it works on postman and also my custom action works fine ( actionTest() in the above controller in the frontend).

Bizley · December 14, 2020, 12:02pm

Yes, I’m referring to .../index, .../create, ad so on, not working properly with CORS. That is weird (to me).

Mahmoudsaad · December 14, 2020, 2:33pm

In this case, CORS filters work for actions that are already in the controller (like actionTest()). I think I have to send CORS header in every request using beforeAction

‘on beforeAction’ => function ($event) {
// send CORS headers here
},

Can you kindly guide me on how to do this?

Bizley · December 14, 2020, 2:46pm

That’s the thing - it should be done with this filter already here. But it makes me wonder because addCorsHeaders() there adds headers only when there are some in the first place, maybe this is the reason. Could you check it on your app?

Mahmoudsaad · December 14, 2020, 3:25pm

Thanks for your time and for helping me.
I didn’t understand what you meant by the word “first place” and what to check.
the file Cors.php is completely identical to mine.
can you take a look at this
I want to try to add CORS header in ‘on beforeAction’, but I don’t know how. Can you help?

Bizley · December 14, 2020, 3:42pm

Debug your app and see if by the time the $this->addCorsHeaders($this->response, $responseCorsHeaders); is called in that filter, there are any headers already registered.

Mahmoudsaad · April 19, 2022, 9:38pm

Finally, I found that I have to declare the verbs() function in my controller, even if it’s empty.
Like this

protected function verbs()
{
}