search

ozee31 / cakephp-cors

A CakePHP (3.3+) plugin for activate cors domain in your application
MIT License
43 stars 31 forks source link

OPTION method seem not working propery with CakePHP 4.1.5 #30

Open emanueledona opened 3 years ago

emanueledona commented 3 years ago

Hi, sorry for boring you but i'm stuck in the problem to make work the plugin with Cakephp 4.1.5.

I try to expose the configuration.

I'm creating an Angular App that work on a domani http://localhost:4200; the REST API server (cakephp) is working at http://work.local/.../api/.

I'm sure the two apps are working because if i put in bootstrap.php the headers below all the calls works fine: header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS'); header('Access-Control-Allow-Headers: *'); if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') { exit(0); }

I try configuring the plugin and using it with the default configuration BUT still now works if the call has preflight OPTION request.

The error is :

Access to XMLHttpRequest at 'http://work.local/.../api/v1/cms-orders.json' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I'm confused.

emanueledona commented 3 years ago

After a day of searches and work I had manage a possible solution for me: the problem is that in the middleware of the plugin at the if OPTIONS it don't return any status code 200 (OK) and message.

I try to write a middleware by my own and with the same function but with: ->withStatus(200,'Some text here'); the preflight request is manage correctly and all is working.

I don't understand if it is a good solution or only a workaround; I ask your opinion about this.

azriel49 commented 3 years ago

Same issue for me

cyberbobjr commented 3 years ago

same issue too

jfalbel commented 3 years ago

Same for me

gringlas commented 3 years ago

same here

gringlas commented 3 years ago

After a day of searches and work I had manage a possible solution for me: the problem is that in the middleware of the plugin at the if OPTIONS it don't return any status code 200 (OK) and message.

I try to write a middleware by my own and with the same function but with: ->withStatus(200,'Some text here'); the preflight request is manage correctly and all is working.

I don't understand if it is a good solution or only a workaround; I ask your opinion about this.

If I try that I still recieve a 302 Found status code, which will result in a 'Redirect is not allowed for a preflight request', see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed

For me only the solution with adding this to bootstrap.php is working:

if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    header('Access-Control-Allow-Origin: ');
    header('Access-Control-Allow-Methods: POST, GET, PUT, PATCH, DELETE, OPTIONS');
    header('Access-Control-Allow-Headers: authorization');
    header('Access-Control-Expose-Headers: authorization');
    exit(0);
}

But I also don't know if that is a good solution. I also don't know if this a problem of cakephp-cors or has to do with Crud Plugin and Crud.Api Listener or cake4 itself.

rrd108 commented 3 years ago

I had a very similar issue with a vuejs frontend and CakePHP 4.2.4

In my case I tried to access http://localhost:8083/sangavue/api/users/login.json via axios and I got the same error.

In CorsMiddleware.php at line 19 there is a call for $response = $handler->handle($request);

As I use restful routing I do not have templates/Users/json/login.php file. The line above created an exception for OPTIONS calls, and that is why the axios call is failed.

Creating an empty templates/Users/json/login.php file solved my problem.

rrd108 commented 3 years ago

Actually #32 solves the problem.

braguzz commented 2 years ago

32 solves the problem for me too

cniklas commented 2 years ago

32 works for mee, too.

Since nothing happens there since July 2021 I copied the patch @rabp99 offered there, regarding the change requests from @LukeC8 and put it into a new PR: #33

toggenation commented 2 years ago

I just had the issue I was trying to send an "Authorization: Token " header from my react dev localhost:3000 environment to CakePHP 4.3.7 but OPTIONS doesn't send an Authorization header and the Auth Middleware further down the chain returns a 302 redirect to /users/login killing the pre-flight request.

33 works you can pull it in with composer from git-hub

{
 // composer.json
 ... snippage
  "repositories": [
    {
      "type": "vcs",
      "url": "https://github.com/cniklas/cakephp-cors"
    }
  ],
  "require": {
    "ozee31/cakephp-cors": "dev-master",
  },
  // ... snippage
  }
composer update