gothinkster / slim-php-realworld-example-app

Exemplary real world application built with Slim
https://realworld.io

API endpoint path with Trailing Slash does not send CORS header #7

Closed romellem closed 6 years ago

romellem commented 6 years ago

Currently, the middleware.php file redirects all paths that have a trailing slash to its correct path with a 301 response code - relevant code portion here.

However, this 301 does not have the Access-Control-Allow-Origin header in its initial 301 response. So, if the client-side app makes a request to a URL with a trailing slash, the request fails:

Failed to load http://localhost:8080/api/tags/: Redirect from 'http://localhost:8080/api/tags/' to 'http://localhost:8080/api/tags' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

However, it looks like the fix is pretty simple. From the Slim documentation:

The last middleware layer added is the first to be executed.

So, I think if we swap the order of the two middleware functions, then the CORS header will be added first, even if we have a redirect.
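The ordering effect described in this issue, as an added example that is not code from the repository or from Slim: a plain-PHP model of a stack where the last middleware added runs first. The closures, the `dispatch()` helper, the array-based request/response shape and the origin value are all assumptions made for illustration.

```php
<?php
// Toy model of a "last added runs first" middleware stack (not Slim itself).
// A response is an array: ['status' => int, 'headers' => [name => value]].

// Redirects paths with a trailing slash and returns WITHOUT calling $next.
$trailingSlash = function (array $req, callable $next): array {
    $path = $req['path'];
    if ($path !== '/' && substr($path, -1) === '/') {
        return ['status' => 301, 'headers' => ['Location' => rtrim($path, '/')]];
    }
    return $next($req);
};

// Adds the CORS header to whatever response the inner layers produce.
$cors = function (array $req, callable $next): array {
    $res = $next($req);
    $res['headers']['Access-Control-Allow-Origin'] = 'http://localhost:4100'; // constructed origin
    return $res;
};

// Wraps the route handler so the LAST entry in $added becomes the outermost layer.
function dispatch(array $added, array $req): array {
    $handler = function (array $req): array {
        return ['status' => 200, 'headers' => []];
    };
    foreach ($added as $mw) {
        $inner = $handler;
        $handler = function (array $req) use ($mw, $inner): array {
            return $mw($req, $inner);
        };
    }
    return $handler($req);
}

$req = ['method' => 'GET', 'path' => '/api/tags/']; // constructed request

// Redirect added last: it runs first and returns the 301 before the
// CORS layer is ever reached, so the browser blocks the redirect.
$before = dispatch([$cors, $trailingSlash], $req);

// Swapped order: CORS added last, so it wraps the redirect's 301 as well.
$after = dispatch([$trailingSlash, $cors], $req);

foreach (['before' => $before, 'after' => $after] as $label => $res) {
    $has = isset($res['headers']['Access-Control-Allow-Origin']) ? 'present' : 'missing';
    echo "$label: {$res['status']} Access-Control-Allow-Origin $has\n";
}
```

Any middleware that can return early (redirects, auth rejections, rate limits) has the same effect on layers added before it, so header-setting layers belong outermost.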