Slim PHP Problem with CORS


1

I’m trying to make a request to the server, but I’m having trouble configuring CORS. The API was developed with the Slim PHP framework and I am using the PSR-7 and PSR-15 CORS middleware. I left the middleware settings at their defaults, adding only ignoreloadingbar because of an Angular component bug. I don’t know if I set up the server side:

Request:

Host: zooflora
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pt-BR,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,ignoreloadingbar
Origin: http://localhost:4200
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

Response:

HTTP/1.1 200 OK
Date: Tue, 24 Jul 2018 15:41:43 GMT
Server: Apache/2.4.33 (Win32) OpenSSL/1.1.0h PHP/7.2.5
X-Powered-By: PHP/7.2.5
Set-Cookie: PHPSESSID=p04ghhja7tp7jisk9fknrr1p9j; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Access-Control-Allow-Origin: http://localhost:4200
Vary: Origin
Access-Control-Allow-Headers: origin, content-type, authorization,
accept, ignoreloadingbar, x-requested-with,multipart/form-data
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

Even though it says status 200 OK, I received the message:

Http Failure Response is (Unknown url): 0 Unknown Error

and in Google Chrome:

Response to preflight request doesn’t pass access control check: The 'Access-Control-Allow-Origin' header contains Multiple values 'http://localhost:4200, *', but only one is allowed. Origin 'http://localhost:4200' is therefore not allowed access.

Application: http://localhost:4200
API: http://zooflora

Note: In Google Chrome, when I add the line Header set Access-Control-Allow-Origin "*" to the .htaccess, I can handle the requests normally, but it does not work in Firefox. I use an add-on in Mozilla to disable CORS and this way everything works correctly, but I need to know how to configure it correctly.

You can see it here: https://previa.surpresapropaganda.com.br/login (just click on access and look at the console)

1 answer

3


After 3 days I managed to fix and configure correctly:

In the .htaccess this line is still required to work on Google Chrome; on Mozilla it makes no difference, I believe it ignores it:

Header set Access-Control-Allow-Origin "*"

And the configuration in the middleware was like this:

$app->add(new Tuupola\Middleware\CorsMiddleware([
    "origin" => ["http://dominio.com.br"],
    "methods" => ["GET", "POST", "PATCH", "DELETE", "OPTIONS"],    
    "headers.allow" => ["Origin", "Content-Type", "Authorization", "Accept", "ignoreLoadingBar", "X-Requested-With", "Access-Control-Allow-Origin"],
    "headers.expose" => [],
    "credentials" => true,
    "cache" => 0,        
]));

I just had to add the OPTIONS method and remove some invalid allowed headers. Now everything is working correctly.

I could understand my problem better by reading this doc: Cross-Origin Resource Sharing
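
Added example, not part of the original answer and not code from Slim or the Tuupola middleware: a simplified JavaScript version of the checks a browser applies to a preflight response, showing why a response carrying two Access-Control-Allow-Origin values is rejected while one carrying a single matching value passes. The request values come from the question; the function name checkPreflight and the sample responses are constructed for illustration.

```javascript
// Added example: simplified form of the checks a browser applies to a preflight response.
// Headers are [name, value] pairs so that duplicate header lines are preserved.
const lower = (s) => s.toLowerCase();
function getAll(headers, name) {
  return headers.filter(([n]) => lower(n) === lower(name)).map(([, v]) => v.trim());
}
function listValues(headers, name) {
  return getAll(headers, name).join(",").split(",").map((s) => s.trim()).filter(Boolean);
}

// Returns every problem found (a browser stops at the first one).
function checkPreflight(req, resHeaders, withCredentials) {
  const problems = [];
  // Repeated header lines are combined with ", " before the comparison.
  const acao = getAll(resHeaders, "Access-Control-Allow-Origin").join(", ");
  if (acao === "") problems.push("missing Access-Control-Allow-Origin");
  else if (acao === "*") {
    if (withCredentials) problems.push("wildcard origin with credentials");
  } else if (acao !== req.origin) problems.push(`origin mismatch: '${acao}'`);
  const acac = getAll(resHeaders, "Access-Control-Allow-Credentials").join(", ");
  if (withCredentials && acac !== "true") problems.push("credentials not allowed");
  // GET, HEAD and POST are always allowed; other methods must be listed.
  const methods = listValues(resHeaders, "Access-Control-Allow-Methods");
  const safelisted = ["GET", "HEAD", "POST"].includes(req.method);
  const methodWildcard = !withCredentials && methods.includes("*");
  if (!safelisted && !methods.includes(req.method) && !methodWildcard)
    problems.push(`method ${req.method} not allowed`);

  const allowed = listValues(resHeaders, "Access-Control-Allow-Headers").map(lower);
  for (const h of req.headers.map(lower)) {
    // "*" never covers Authorization and is taken literally with credentials.
    const wildcard = !withCredentials && allowed.includes("*") && h !== "authorization";
    if (!allowed.includes(h) && !wildcard) problems.push(`header ${h} not allowed`);
  }
  return problems;
}

// Preflight request from the question; the responses below are constructed samples.
const preflight = { origin: "http://localhost:4200", method: "GET",
                    headers: ["authorization", "ignoreloadingbar"] };
const allowHeaders = ["Access-Control-Allow-Headers",
  "Origin, Content-Type, Authorization, Accept, ignoreLoadingBar, X-Requested-With"];
const duplicated = [["Access-Control-Allow-Origin", "http://localhost:4200"],
                    ["Access-Control-Allow-Origin", "*"], allowHeaders];
const single = [["Access-Control-Allow-Origin", "http://localhost:4200"],
                ["Access-Control-Allow-Credentials", "true"], allowHeaders];

console.log(checkPreflight(preflight, duplicated, false), checkPreflight(preflight, single, true));
```

Running the same check against a captured response from a staging server makes it easy to see whether the web server and the application are both emitting the header.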
