What steps will reproduce the problem?
I add the corsFilter in behaviors of my controller which extend \yii\rest\Controller like below
``````
/**
- This is class file for Controller.
- This is base controller for non-restful apis
*
*/
namespace backend\components;
use Yii;
use yii\filtersCors;
use backend\behaviorsControllerBehavior;
class Controller extends \yii\restController
{
/**
* This method is used to valide the user's authority with token.
* This method is invoked right before an action is executed.
*
* The method will trigger the [[EVENT_BEFORE_ACTION]] event. The return value of the method
* will determine whether the action should continue to run.
*
* If you override this method, your code should look like the following:
*
* php
* public function beforeAction($action)
* {
* if (parent::beforeAction($action)) {
* // your custom code here
* return true; // or false if needed
* } else {
* return false;
* }
* }
*
*
* @param Action $action the action to be executed.
* @return boolean whether the action should continue to run.
*/
public function beforeAction($action)
{
if (parent::beforeAction($action)) {
$this->attachBehavior('ControllerBehavior', new ControllerBehavior);
return $this->checkAuth();
}
throw new HttpException(400, "Fail to resolve the action.");
}
/**
* serialize the response in format of json
*
*/
public $serializer = [
'class' => 'yii\rest\Serializer',
'collectionEnvelope' => 'items',
];
public function behaviors()
{
return array_merge([
'corsFilter' => [
'class' => Cors::className(),
'cors' => [
'Origin' => [
'http://web.wm.com'
],
'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'DELETE'],
'Access-Control-Allow-Credentials' => true,
],
],
], parent::behaviors());
}
}
``````
I use angular to call the api which use POST verb, but error happens like below
I find the OPTIONS request call the real action, so cause the action throw 400 exception. I don't know why? I think the OPTIONS request should not reach the action.
Additional info
| Q | A |
| --- | --- |
| Yii version | 2.0 |
| PHP version | 5.5.37 |
| Operating system | linux |
tonyzheng121
All 2 comments
1- you are missing the Options Action which is defined in \yii\rest\ActiveController but not in parent \yii\rest\Controller. you'll need to manually add it. (quick example this + this)
2- CORS should be handled before authentication + parent authenticator already defined in \yii\rest\Controller should be unset. check those 2 links from docs for more details:
http://www.yiiframework.com/doc-2.0/guide-structure-filters.html#cors
http://www.yiiframework.com/doc-2.0/guide-rest-controllers.html#cors
tunecino
on 8 Sep 2016
_This is an automated comment, triggered by adding the label question._
Please note, that the GitHub Issue Tracker is for bug reports and feature requests only.
We are happy to help you on the support forum, on IRC (#yii on freenode), or Gitter.
Please use one of the above mentioned resources to discuss the problem.
If the result of the discussion turns out that there really is a bug in the framework, feel free to
come back and provide information on how to reproduce the issue. This issue will be closed for now.
yii-bot
on 8 Sep 2016
Related issues
nokimaro
路
3Comments
MUTOgen
路
3Comments
newscloud
路
3Comments
skcn022
路
3Comments
SamMousa
路
3Comments
Most helpful comment
1- you are missing the Options Action which is defined in
\yii\rest\ActiveControllerbut not in parent\yii\rest\Controller. you'll need to manually add it. (quick example this + this)2- CORS should be handled before authentication + parent authenticator already defined in
\yii\rest\Controllershould be unset. check those 2 links from docs for more details:http://www.yiiframework.com/doc-2.0/guide-structure-filters.html#cors
http://www.yiiframework.com/doc-2.0/guide-rest-controllers.html#cors