Headers not applied with Custom Api Module

splashlab / magento-2-cors-requests

Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain

Open Software License 3.0

69 stars 30 forks source link

Headers not applied with Custom Api Module #8

Closed sanjuro closed 5 years ago

sanjuro commented 6 years ago

Hey

Great module, we are experiencing an issue where we have installed your module and it works correctly for the base API endpoints that M2 provides.

We have written a custom API module and somehow the CORS headers are not applied, any info on this issue would be appreciated

We are using Magento version 2.1.9

thaddeusmt commented 6 years ago

It's hard to say with the information provided, and I have not coded on Magento in over a year... but I remember that there are two different ways of making an API endpoint: using the webapi.xml method and some other way.

This module assumes you are using the official webapi.xml method, so it's adding the CORS headers to the \Magento\Framework\Webapi\Rest\Response object. If your API is using the regular controller method with the \Magento\Framework\App\Response\Http object, the CORS headers will not be added by this module.

So, that could be the issue?

lovelysetia1992 commented 5 years ago

After installation of Splashlab_CoreRequests module,it show error :

Access to XMLHttpRequest at 'https://stg.magento.com:8888/backend/rest/V1/carts/mine/totals' from origin 'https://stg.magento.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values ', ', but only one is allowed.

This is node frontend url "https://stg.magento.com". Please guide me what i do?

thaddeusmt commented 5 years ago

I can't be sure since your local staging site doesn't load for me, but it looks like you may have set the "CORS Origin Url" (origin_url) to *, *, which is two values separated by a comma, and is not a valid (allowed) Access-Control-Allow-Origin value.

By default the value should be set to * on install, not *, *. Please check the admin configuration again to ensure it's set to a valid single value (like * or stg.magento.com, etc).

Also, this seems like a totally separate bug from the originally reported issue. Consider opening a new Issue on GitHub next time, thanks.

thaddeusmt commented 5 years ago

I'm going to close this as there has been no follow up in a few months, please open a new bug if you run in to more issues. Thanks.