Access-Control-Allow-Origin: * does not work for all my domains

Viewed 654 times

3

I have four applications that use the same API, and Access-Control-Allow-Origin: * does not work for all of them. The only application that doesn't work is the one in which I'm using Zend Framework 2 and Symfony; I don't know if that could have anything to do with it.

Suppose that http://cloud.localhost.com.br is the URL of the application that does not work with *

When I change to Access-Control-Allow-Origin: http://cloud.localhost.com.br, for example, it works normally. That is, if it works with the URL, I suppose there is a problem with Access-Control-Allow-Origin: *.

Configuration of the API:

return array(
    'zfr_cors' => array(
        // LOCAL
        //'allowed_origins' => array('http://cloud.localhost.com.br'),

        'allowed_origins' => array('*'),

        /**
         * Set the list of HTTP verbs.
         */
        'allowed_methods' => array('GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'),

        /**
         * Set the list of headers. This is returned in the preflight request to indicate
         * which HTTP headers can be used when making the actual request
         */
        'allowed_headers' => array('Authorization', 'Accept', 'Content-Type'),

        /**
         * Set the max age of the preflight request in seconds. A non-zero max age means
         * that the preflight will be cached during this amount of time
         */
        // 'max_age' => 120,

        /**
         * Set the list of exposed headers. This is a whitelist that authorize the browser
         * to access to some headers using the getResponseHeader() JavaScript method. Please
         * note that this feature is buggy and some browsers do not implement it correctly
         */
        // 'exposed_headers' => array(),

        /**
         * Standard CORS requests do not send or set any cookies by default. For this to work,
         * the client must set the XMLHttpRequest's "withCredentials" property to "true". For
         * this to work, you must set this option to true so that the server can serve
         * the proper response header.
         */
        'allowed_credentials' => true,
    ),
);

Google Chrome console using Access-Control-Allow-Origin:http://cloud.localhost.com.br:

Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:80
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Authorization, Accept, Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin:http://cloud.localhost.com.br
Access-Control-Max-Age:0
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Thu, 11 Feb 2016 14:32:49 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:49 GMT; Max-Age=3600; path=/
X-Powered-By:PHP/5.6.16
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36

and it sends the POST afterwards:

Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:POST
Status Code:201 Created
Remote Address:127.0.0.1:80
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://cloud.localhost.com.br
Access-Control-Expose-Headers:
Connection:Keep-Alive
Content-Length:179
Content-Type:application/hal+json
Date:Thu, 11 Feb 2016 14:32:50 GMT
Keep-Alive:timeout=5, max=100
Location:http://apps-api.localhost/v1/contato
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:50 GMT; Max-Age=3600; path=/
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:58 GMT; Max-Age=3600; path=/
Vary:Origin
X-Powered-By:PHP/5.6.16
Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Content-Length:109
Content-Type:application/json;charset=UTF-8
Cookie:XDEBUG_SESSION=netbeans-xdebug
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36

And when I change to Access-Control-Allow-Origin: *:

Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:80
Response Headers
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Authorization, Accept, Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin:*
Access-Control-Max-Age:0
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Thu, 11 Feb 2016 14:33:32 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:33:32 GMT; Max-Age=3600; path=/
X-Powered-By:PHP/5.6.16
Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36

and it does not send the POST.

  • Hello, have you tried putting a .htaccess in your project, allowing this external access?
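
Added example (not part of the original question and not ZfrCors code): a simplified JavaScript model of the browser's CORS check from the Fetch standard, applied to the two preflight responses captured above, plus an allowlist-based alternative to `*` on the server side. It assumes the client sends the request with credentials, which the Cookie header in the working POST capture suggests; `corsCheck`, `resolveCorsHeaders` and `ALLOWED_ORIGINS` are hypothetical names.

```javascript
// Simplified model of the browser's CORS check (Fetch standard).
// Header values below are copied from the two preflight captures in the question.
function corsCheck(requestOrigin, withCredentials, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { ok: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  // "*" is accepted only for requests made without credentials.
  if (allowOrigin === '*') {
    return withCredentials
      ? { ok: false, reason: 'wildcard origin not allowed with credentials' }
      : { ok: true, reason: 'wildcard accepted (no credentials)' };
  }
  if (allowOrigin !== requestOrigin) return { ok: false, reason: 'origin mismatch' };
  if (!withCredentials) return { ok: true, reason: 'origin matched' };
  return headers['access-control-allow-credentials'] === 'true'
    ? { ok: true, reason: 'origin matched, credentials allowed' }
    : { ok: false, reason: 'Access-Control-Allow-Credentials is not "true"' };
}

// Server-side alternative to "*": echo the Origin only when it is on an allowlist.
// ALLOWED_ORIGINS and resolveCorsHeaders are hypothetical, not part of ZfrCors.
const ALLOWED_ORIGINS = new Set(['http://cloud.localhost.com.br']);
function resolveCorsHeaders(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {}; // unknown origin: no CORS headers
  return {
    'access-control-allow-origin': requestOrigin,
    'access-control-allow-credentials': 'true',
    'vary': 'Origin', // stop caches from reusing the response across origins
  };
}

const origin = 'http://cloud.localhost.com.br';
const wildcardPreflight = {
  'access-control-allow-origin': '*',
  'access-control-allow-credentials': 'true',
};
const explicitPreflight = {
  'access-control-allow-origin': origin,
  'access-control-allow-credentials': 'true',
};

console.log(corsCheck(origin, true, wildcardPreflight));  // rejected: POST is never sent
console.log(corsCheck(origin, true, explicitPreflight));  // accepted: POST follows
console.log(corsCheck(origin, false, wildcardPreflight)); // accepted without credentials
console.log(corsCheck('http://other.example', true, resolveCorsHeaders('http://other.example')));
```

Listing each trusted origin explicitly, rather than reflecting any Origin header back, keeps credentialed responses readable only by the applications that are meant to use the API.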

1 answer

-3
