![]() I’m on windows… but the question wasn’t really related to chrome or anything like that. Luckily this is is a personal project so I’m not really on a project budget lol… I did read that there might be a way using the Content-Type header on the front end that can avoid the preflight check but I have not looked into that yet so I might mess around with that when I have some time. Is there a better way to deal with this? I don’t want to have to manually deal with OPTIONS in all of my controller actions so I’m not sure there is… I just want to see if anyone else with more YII and CORS experience knows a better way. To work around this issue I finally just setup an “on beforeAction” in my web.php config file to set up a global controller beforeAction to basically just respond with a 200 OK and end the app immediately for all OPTIONS requests, after setting the required CORS headers. The 400+ error codes are a deal breaker for the OPTIONS preflight check so the browser just gives up and puts a CORS error in the console. ![]() ![]() The problem is that when OPTIONS is used, the post data was not included with the request so the login form threw a 400 HTTP error (by design) since the login failed. I finally got this working with CSRF (the withCredentials header on the front end was missing and that messed my csrf cookie stuff) but before I ran into that, I was hitting issues on my login form because chrome would actually send a secret OPTIONS request to the back end to get the ACCEPT headers to verify the CORS security stuff. While developing, the front end is running on localhost:3000 but the PHP/Apache server is running on my normal port 80 at appname.local host name. I’m building an app with a YII2 back-end and vuejs front end.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |