jumpinjackie / mapguide-rest

REST Extension for MapGuide Open Source
GNU Lesser General Public License v2.1

CORS with authentication not working #193

Closed AlenKelemen closed 5 years ago

AlenKelemen commented 5 years ago

In rest/app/config.php the CORS enable settings are for 'simple' CORS (without OPTIONS preflight). If one needs to send a user name and password, these settings are not enough, so the response in that case would be something like this:

```
Access to fetch at 'http://localhost/mapguide/rest/library/vodovodOmis/Data/edc_vodoopskrba.FeatureSource/classdef.json/Default/Kvar' from origin 'http://localhost:1234' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.
```

I changed config.php to:

```php
"MapGuide.Cors" => array(
    "origin" => "http://localhost:1234",
    "exposeHeaders" => array("*"),
    "maxAge" => 1728000,
    "allowCredentials" => True,
    "allowMethods" => array("POST, GET, OPTIONS"),
    "allowHeaders" => array("*")
),
```

And the response is:

```
localhost/:1 Access to fetch at 'http://localhost/mapguide/rest/library/vodovodOmis/Data/edc_vodoopskrba.FeatureSource/classdef.json/Default/Kvar' from origin 'http://localhost:1234' has been blocked by CORS policy: Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response.
```

I have played with headers in config.php and directly on the server for a significant amount of time, but without success. The issue becomes important when one uses webpack or parceljs, which have their own dev servers, while REST is on another server.

AlenKelemen commented 5 years ago

Solved, correct setting (for http://localhost:1234 for instance) in config.php is:

```php
"MapGuide.Cors" => array(
    "origin" => "http://localhost:1234",
    "exposeHeaders" => array("Authorization,Content-Type"),
    "maxAge" => 1728000,
    "allowCredentials" => True,
    "allowMethods" => array("POST, GET, OPTIONS"),
    "allowHeaders" => array("Authorization,Content-Type")
),
```
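The two browser errors quoted in this thread can be reproduced with a simplified model of the preflight check a browser applies to a credentialed request. This is an added example, not part of the original comments or of mapguide-rest; `checkPreflight` and the header sets are constructed, and they assume each `MapGuide.Cors` value is sent verbatim as the matching `Access-Control-*` response header.

```javascript
// Added example: simplified model of a browser's CORS preflight check.
// Assumption: each MapGuide.Cors value is sent as the matching header.
const SAFELISTED_METHODS = ["GET", "HEAD", "POST"];
function splitList(value) {
  return (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// request: { origin, method, headers, credentials }, where headers holds the
// names the browser lists in Access-Control-Request-Headers.
// res: preflight response headers keyed by lower-case name.
function checkPreflight(request, res) {
  const allowOrigin = res["access-control-allow-origin"];
  if (request.credentials) {
    // In credentialed mode "*" is not accepted as Access-Control-Allow-Origin.
    if (allowOrigin === "*") return "wildcard origin with credentials";
    if (allowOrigin !== request.origin) return "origin mismatch";
    if (res["access-control-allow-credentials"] !== "true") return "credentials not allowed";
  } else if (allowOrigin !== "*" && allowOrigin !== request.origin) {
    return "origin mismatch";
  }
  const wildcardOk = !request.credentials; // "*" is a literal name otherwise
  const methods = splitList(res["access-control-allow-methods"]);
  const method = request.method.toUpperCase();
  const methodOk = SAFELISTED_METHODS.includes(method) ||
    methods.includes(method.toLowerCase()) || (wildcardOk && methods.includes("*"));
  if (!methodOk) return "method not allowed";
  const allowed = splitList(res["access-control-allow-headers"]);
  for (const name of request.headers.map((h) => h.toLowerCase())) {
    // Authorization must be listed by name; "*" never covers it.
    const viaWildcard = wildcardOk && allowed.includes("*") && name !== "authorization";
    if (!allowed.includes(name) && !viaWildcard) return `header ${name} not allowed`;
  }
  return "ok";
}

// Constructed inputs mirroring the thread: the fetch and the three configs.
const request = { origin: "http://localhost:1234", method: "GET",
  headers: ["authorization"], credentials: true };
const defaultCors = { "access-control-allow-origin": "*" };
const firstAttempt = {
  "access-control-allow-origin": "http://localhost:1234",
  "access-control-allow-credentials": "true",
  "access-control-allow-methods": "POST, GET, OPTIONS",
  "access-control-allow-headers": "*",
};
const solved = { ...firstAttempt, "access-control-allow-headers": "Authorization,Content-Type" };
for (const [label, res] of Object.entries({ defaultCors, firstAttempt, solved })) {
  console.log(label, "->", checkPreflight(request, res));
}
```

The same check is useful when reviewing a CORS configuration before deployment: a fixed origin plus an explicit header list passes, while any `*` combined with credentials fails.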