search

kartik-v / yii2-mpdf

A Yii2 wrapper component for the mPDF library which generates PDF files from UTF-8 encoded HTML.
http://demos.krajee.com/mpdf
Other
161 stars 150 forks source link

Missing response headers when returning pdf #78

Closed ifdion closed 5 years ago

ifdion commented 6 years ago

I am using a simple conditional based on request parameter to serve a pdf on a REST API

On my controller

  public function actionView($id)
  {
    $request = Yii::$app->request;
    $template = $request->get('generate');
    if (isset($template)) {

      $pdf = new Pdf([
          'orientation' => Pdf::ORIENT_LANDSCAPE, 
          'filename' => 'test-file.pdf',
          'mode' => Pdf::MODE_CORE,
          'content' => $this->renderPartial($template, ['model' => $this->loadModel($id)])
      ]);
      return $pdf->render();
    }
    return $this->loadModel($id);
  }

On a request the API returns the pdf with these headers

HTTP/1.1 200 OK
Date: Mon, 04 Jun 2018 05:36:24 GMT
Server: Apache
X-Powered-By: PHP/7.1.12
Content-disposition: inline; filename="test-file.pdf"
Cache-Control: public, must-revalidate, max-age=0
Pragma: public
X-Generator: mPDF 7.0.2
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Mon, 04 Jun 2018 05:36:24 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/pdf

While on request without the generate parameter the API returns the data with these headers

HTTP/1.1 200 OK
Date: Mon, 04 Jun 2018 05:12:37 GMT
Server: Apache
X-Powered-By: PHP/7.1.12
Access-Control-Allow-Origin: http://localhost:3000
Access-Control-Expose-Headers: X-Pagination-Current-Page, X-Pagination-Page-Count, X-Pagination-Per-Page, X-Pagination-Total-Count
Content-Length: 18400
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/json; charset=UTF-8

The pdf request are missing the Access-Control-Allow-Origin and the Access-Control-Expose-Headers

I am setting the headers on a parent controller with the method

  public function behaviors()
  {

    $behaviors = parent::behaviors();

    // remove authentication filter
    $auth = $behaviors['authenticator'];
    unset($behaviors['authenticator']);

    $auth = [
    'class' => HttpBearerAuth::className(),
    ];

    // add CORS filter
    $behaviors['corsFilter'] = [
      'class' => \yii\filters\Cors::className(),
      'cors' => [
        'Origin' => ['*'],
        'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
        'Access-Control-Request-Headers' => ['*'],
        'Access-Control-Allow-Credentials' => null,
        'Access-Control-Max-Age' => 86400,
        'Access-Control-Expose-Headers' => [
          'X-Pagination-Current-Page',
          'X-Pagination-Page-Count',
          'X-Pagination-Per-Page',
          'X-Pagination-Total-Count'
        ],
      ]
    ];

    // re-add authentication filter
    $behaviors['authenticator'] = $auth;
    // avoid authentication on CORS-pre-flight requests (HTTP OPTIONS method)
    $behaviors['authenticator']['except'] = ['options'];

    return $behaviors;
  }
kartik-v commented 5 years ago

Check release v1.0.4.