search

jacwright / RestServer

A PHP REST server for providing a very light-weight REST API.
MIT License
512 stars 194 forks source link

Multiple Access-Control-Allow-Origin Headers #115

Open m-schreiber opened 5 years ago

m-schreiber commented 5 years ago

Hi There, just hit a Problem - would be nice if you could implement it.

Multiple "Access-Control-Allow-Origin"-Headers are not allowed: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMultipleAllowOriginNotAllowed

Instead of 

foreach($allowedOrigin as $allowed_origin) { // to support multiple origins
    header("Access-Control-Allow-Origin: $allowed_origin");
}

do

header("Access-Control-Allow-Origin: ".implode(", ",$allowed_origin);
jacwright commented 5 years ago

Let me know if https://github.com/jacwright/RestServer/pull/116 works for you.

m-schreiber commented 5 years ago

yes - this should work for me - will get back if i integrate a new version of your rest-server into my project - but my workaround looks and works the same:

$server = new \Jacwright\RestServer\RestServer($config["mode"]);
$server->useCors = false;
$server->allowedOrigin = $config["allowedOrigin"];

$server->addClass(...);

header("Access-Control-Allow-Origin: ".implode(", ",$config["allowedOrigin"]));
header('Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS');
header('Access-Control-Allow-Credential: true');
header('Access-Control-Allow-Headers: X-Requested-With, content-type, access-control-allow-origin, access-control-allow-methods, access-control-allow-headers, Authorization');
if ($server->getMethod() == 'OPTIONS')
{
    //Exit because of Bug in RestServer that makes it crash when not using cors
    exit;
}

$server->handle();