NormalGravity / debate-n-go-api

The rest service for debate-n-go

Need to support CORS or set up dynamic VHOST with api path alleviating CORS policies #16

Closed LongLiveCHIEF closed 10 years ago

LongLiveCHIEF commented 10 years ago

Running into CORS (forgot that's why I was trying to be fancy with the VirtualDocumentRoot in Apache). Web browsers have a security policy in place that prevents any requests to external domains (as inspected by the host path of the outgoing request and the value of window.domain).

A quick fix would be if Slim has a JSONP wrapper. Swap out responses in JSON to JSONP, and I can set my request to use jsonp instead of .get() or .post(). When a JavaScript request uses the jsonp method instead of GET or POST, the security policy mentioned above will not intervene.

There are some other things we can do also, but for this particular circumstance, matching the subdomain/parent domain in the api, or a possible swap to JSONP delivery would be easiest and best supported across all browsers. Other options are hit or miss with IE9 or under, and even Firefox in some cases.

LongLiveCHIEF commented 10 years ago

I did try to set an Access-Control-Allow-Origin header, but with the GET method, that requires certain OPTIONS to be set on the Apache/PHP side to allow requests with this header to be handled.

In regards to why you wouldn't catch this with Postman (see this), it's not restricted the same way (refer to link). And of course PHPUnit running from the server doesn't use a client and isn't subject to the same restrictions. I believe Postman can be configured to simulate a browser's security model, but haven't had time to look at the right configuration.

Other resource that touches a bit on how a browser preflight is triggered to check the receiving server for CORS implementations: http://www.arunisrael.com/2013/08/accessing-external-apis-with-angularjs.html

LongLiveCHIEF commented 10 years ago

Fixed. Updated VHost definition of api.evsvillas.com and added the `Header set Access-Control-Allow-Origin "*"` directive. Browser preflights and allows request.

First time I've been able to solve a cross-domain xhr problem on the http server itself! :100:
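As an added example, not code from debate-n-go-api or its author, here is the server side of the exchange the two comments above describe: a function that applies the browser's rule for when a cross-origin request triggers an OPTIONS preflight, and a CORS handler that, unlike the `Header set Access-Control-Allow-Origin "*"` fix, echoes back only an allow-listed origin. The origins, the method and header allow-lists, and the request objects are assumptions constructed for the example; header names are lowercased as Node's http module delivers them.

```javascript
// Added example (not from the debate-n-go-api project). Origins and allow-lists
// below are hypothetical; request objects are constructed inline.

const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',   // hypothetical front-end origin
  'http://localhost:8080',     // hypothetical dev origin
]);
const ALLOWED_METHODS = ['GET', 'POST', 'OPTIONS'];
const ALLOWED_HEADERS = ['content-type', 'authorization'];

// The browser's "simple request" rule (Fetch/CORS spec): GET/HEAD/POST carrying
// only CORS-safelisted headers, with Content-Type limited to three values, is sent
// directly; anything else makes the browser send an OPTIONS preflight first.
const SAFELISTED_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SIMPLE_CONTENT_TYPES = new Set(['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain']);

function needsPreflight(method, headers) {
  if (!['GET', 'HEAD', 'POST'].includes(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (!SAFELISTED_HEADERS.has(n)) return true;
    if (n === 'content-type') {
      const mime = String(value).split(';')[0].trim().toLowerCase();
      if (!SIMPLE_CONTENT_TYPES.has(mime)) return true;
    }
  }
  return false;
}

// CORS response headers for one request. Returns {} when no Origin is present
// (same-origin or a non-browser client such as Postman, which is never blocked),
// and null when the Origin or the preflighted method/headers are not allowed.
function corsHeaders(req) {
  const origin = req.headers['origin'];
  if (!origin) return {};
  if (!ALLOWED_ORIGINS.has(origin)) return null;

  const h = {
    // Echo the specific allowed origin rather than "*": browsers reject "*" when
    // the request carries credentials (cookies, Authorization header).
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    // Caches must key on Origin, or one origin's allow header is served to another.
    'Vary': 'Origin',
  };

  const isPreflight = req.method === 'OPTIONS' && 'access-control-request-method' in req.headers;
  if (isPreflight) {
    const wanted = req.headers['access-control-request-method'].toUpperCase();
    if (!ALLOWED_METHODS.includes(wanted)) return null;
    const wantedHeaders = (req.headers['access-control-request-headers'] || '')
      .split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
    if (!wantedHeaders.every((x) => ALLOWED_HEADERS.includes(x))) return null;
    h['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
    h['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
    h['Access-Control-Max-Age'] = '600';   // seconds the browser may cache this preflight
  }
  return h;
}

// Full response for a request: preflights get 204 with only the CORS headers,
// disallowed origins get 403 with no CORS headers, everything else gets the
// normal JSON body plus the CORS headers.
function respond(req) {
  const cors = corsHeaders(req);
  if (cors === null) return { status: 403, headers: {}, body: '' };
  if (req.method === 'OPTIONS') return { status: 204, headers: cors, body: '' };
  return {
    status: 200,
    headers: { ...cors, 'Content-Type': 'application/json' },
    body: JSON.stringify({ ok: true }),
  };
}
```

Note that `needsPreflight` is why the issue's plain GET did not "just work" once the header was set: a GET with no custom headers is a simple request and never preflights, but a POST of JSON (`Content-Type: application/json`) does, so the server must answer OPTIONS as well. The `*` value used in the fix is the right choice only for a public, credential-free API; once the front end sends cookies or an Authorization header, the browser rejects `*` and the origin must be echoed as above.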

maximx1 commented 10 years ago

:+1: