search

Respect / Rest

Thin controller for RESTful applications
http://respect.github.io/Rest
Other
605 stars 102 forks source link

OPTIONS request and Access-Control-Allow-Headers #140

Closed angi- closed 5 years ago

angi- commented 5 years ago

I implemented JWT in my API and now I need to send the token as an Authorization header. Problem is that whenever I make OPTIONS request to the endpoint the response I get in Access-Control-Allow-Headers is Content-Type.

What should I do? Thanks

nickl- commented 5 years ago

Can you give a code example please.

angi- commented 5 years ago

Sure, here is the simplest example:

use Respect\Rest\Router;

$r3 = new Router;
$r3->get('/endpoint', function() {
    return 'Hello World';
});

Then in postman I make an OPTIONS request to /endpoint and in the response header I see: Access-Control-Allow-Headers →Content-Type

But I would need: Access-Control-Allow-Headers →Content-Type, Authorization

Because I send a bearer token with my requests in the Authorization header.

angi- commented 5 years ago

So I managed to solve this issue on my end, it's nothing urgent anymore.

This was caused by CORS: I'm running apache on localhost:80 where my api lives and my front-end runs on localhost:8080. Chrome was issuing the OPTIONS preflight request because of this. I made a proxy from 8080 to 80 and all works as expected.

nickl- commented 5 years ago

@angi- Glad you find a solution.

Closed: Resolved