Yii2: Cors behaviors cannot use with \yii\rest\ActiveController

Created on 15 Jan 2015  路  4Comments  路  Source: yiisoft/yii2

Cors behaviors use beforeAction but ActiveController cannot call this method.

need more info
Source
picture alimvedats

Most helpful comment

ActiveController and corsFilter works fine for me
Part of ActiveController class

    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $behaviors['authenticator'] = [
                'class' => CompositeAuth::className(),
                'authMethods' => [
                    [
                        'class' => QueryParamAuth::className(),
                        'tokenParam' => 'session_token'
                    ],
                    [
                        'class' => HttpBasicAuth::className(),
                        'auth' => false
                    ]
                ]
        ];
        $behaviors['contentNegotiator'] = [
            'class' => 'yii\filters\ContentNegotiator',
            'formats' => [
                'text/html' => Response::FORMAT_JSON,
                'application/json' => Response::FORMAT_JSON,
                'application/xml' => Response::FORMAT_XML,
            ],
        ];
        $behaviors['corsFilter'] = [
            'class' => \yii\filters\Cors::className(),
            'cors' => [
                'Origin' => ['*'],
                'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
                'Access-Control-Request-Headers' => ['*'],
                'Access-Control-Allow-Credentials' => true,
                'Access-Control-Max-Age' => 86400,
            ],
        ];
        return $behaviors;
    }

Request

$ curl -H "Origin: http://2gis.test" http://favo<skipped>d4 --verbose
< HTTP/1.1 200 OK
* Server nginx is not blacklisted
< Server: nginx
< Date: Mon, 02 Feb 2015 13:57:56 GMT
< Content-Type: application/json; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Access-Control-Allow-Origin: http://2gis.test
< Access-Control-Allow-Credentials: true
<
* Connection #0 to host favo<skipped> left intact
{"meta":...

Yii 2.0.2

picture aotd1 on 2 Feb 2015
👍4

All 4 comments

Please elaborate a bit more. Are you getting any error? How to reproduce it? What's the message and stack trace?

samdark picture samdark on 15 Jan 2015

ActiveController and corsFilter works fine for me
Part of ActiveController class

    /**
     * @inheritdoc
     */
    public function behaviors()
    {
        $behaviors = parent::behaviors();
        $behaviors['authenticator'] = [
                'class' => CompositeAuth::className(),
                'authMethods' => [
                    [
                        'class' => QueryParamAuth::className(),
                        'tokenParam' => 'session_token'
                    ],
                    [
                        'class' => HttpBasicAuth::className(),
                        'auth' => false
                    ]
                ]
        ];
        $behaviors['contentNegotiator'] = [
            'class' => 'yii\filters\ContentNegotiator',
            'formats' => [
                'text/html' => Response::FORMAT_JSON,
                'application/json' => Response::FORMAT_JSON,
                'application/xml' => Response::FORMAT_XML,
            ],
        ];
        $behaviors['corsFilter'] = [
            'class' => \yii\filters\Cors::className(),
            'cors' => [
                'Origin' => ['*'],
                'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
                'Access-Control-Request-Headers' => ['*'],
                'Access-Control-Allow-Credentials' => true,
                'Access-Control-Max-Age' => 86400,
            ],
        ];
        return $behaviors;
    }

Request

$ curl -H "Origin: http://2gis.test" http://favo<skipped>d4 --verbose
< HTTP/1.1 200 OK
* Server nginx is not blacklisted
< Server: nginx
< Date: Mon, 02 Feb 2015 13:57:56 GMT
< Content-Type: application/json; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Access-Control-Allow-Origin: http://2gis.test
< Access-Control-Allow-Credentials: true
<
* Connection #0 to host favo<skipped> left intact
{"meta":...

Yii 2.0.2

aotd1 picture aotd1 on 2 Feb 2015
👍4

aotd1: excellent contribution my friend took me out of trouble

shades3002 picture shades3002 on 3 Feb 2016

for me, adding cors doesnt restrict the access as it should, though verb filter works totally fine

public function behaviors(){
        $behaviors = parent::behaviors();
        $behaviors['verbFilter']= [
            'class'=>VerbFilter::className(),
            'actions'=>[
                    'list'=>['get'],
                    'update'=>['put'],
                    'view'=>['get','head'],
                    'create'=>['post'],
                ],
        ];
        $auth = $behaviors['authenticator'];
        unset($behaviors['authenticator']);

        $behaviors['corsFilter']=[
            'class'=>\yii\filters\Cors::className(),
            'cors'=>[
                    'Access-Control-Request-Headers' => [
                        'token1', 
                        'token2',],
                    ],
        ];

        return $behaviors;
    }

i'm using a controller that extends yii\rest\Controller, btw

SabrinaMadX picture SabrinaMadX on 18 Jan 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sobit picture sobit  路  3Comments
indicalabs picture indicalabs  路  3Comments
Locustv2 picture Locustv2  路  3Comments
sahifedp picture sahifedp  路  3Comments
kminooie picture kminooie  路  3Comments