Hi
I have the following in a REST controller:
public function behaviors() {
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => HttpBasicAuth::className(),
'except' => ['login']
];
$behaviors['access'] = [
'class' => AccessControl::className(),
'allowActions' => ['login']
];
return array_merge($behaviors, [
// For cross-domain AJAX request
'corsFilter' => [
'class' => \yii\filters\Cors::className(),
'cors' => [
// restrict access to domains:
'Origin' => self::allowedDomains(),
'Access-Control-Request-Method' => ['POST', 'GET', 'OPTIONS'],
'Access-Control-Allow-Credentials' => true,
'Access-Control-Max-Age' => 0,
'Access-Control-Allow-Origin' => self::allowedDomains(),
'Access-Control-Allow-Headers' => ["Origin", "X-Requested-With", "Content-Type", "accept", 'Authorization'],
],
],
]);
}
Locally this works, but on my live machine I cannot get anything but 403 forbidden. If I disable access
in behaviors it works fine. what am I missing?