Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help Best practice/how to deal with CORS
Best practice/how to deal with CORS
  • Offline Willen
    Newbie
  • *
  • Posts: 4
    Threads: 2
    Joined: Apr 2024
    Reputation: 0
#1
04-12-2024, 06:06 AM
(This post was last modified: 04-12-2024, 06:20 AM by Willen. Edit Reason: Additional context )

Hello! 

I have had a project that have been running Codeigniter 3 for a long time and now I'm on a journey to convert it to Codeigniter 4.

I have a separate front end and I'm using Codeigniter as an api. When I tested my endpoints in postman it was working fine, then when I tested it in browser I was getting multiple CORS-erros, like:

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I read a bunch of threads on this forum and found one solution in this thread: https://forum.codeigniter.com/showthread.php?tid=80043 . The solution was to make a CORS-Filter and add options-routes for all my endpoints: https://gist.github.com/kenjis/e757d2b41...7e6eaa1254

Cors-filter:

Code:
<?php

declare(strict_types=1);

namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class Cors implements FilterInterface
{
    /**
    * @param array|null $arguments
    *
    * @return RequestInterface|ResponseInterface|string|void
    */
    public function before(RequestInterface $request, $arguments = null)
    {
        /** @var ResponseInterface $response */
        $response = service('response');

        // Set your Origin.
        $response->setHeader('Access-Control-Allow-Origin', getenv('CORS_ORIGIN'));

        // Set this header if the client sends Cookies.
        // $response->setHeader('Access-Control-Allow-Credentials', 'true');

        if ($request->is('OPTIONS')) {
            $response->setStatusCode(204);

            // Set headers to allow.
            $response->setHeader(
                'Access-Control-Allow-Headers',
                'X-API-KEY, X-Requested-With, Content-Type, Accept, Authorization'
            );

            // Set methods to allow.
            $response->setHeader(
                'Access-Control-Allow-Methods',
                'GET, POST, OPTIONS, PUT, PATCH, DELETE'
            );

            // Set how many seconds the results of a preflight request can be cached.
            $response->setHeader('Access-Control-Max-Age', '3600');

            return $response;
        }
    }

    /**
    * @param array|null $arguments
    *
    * @return ResponseInterface|void
    */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
    }
}


Is this the best practice in dealing with cors preflights? Without the options route defined, I get CORS errors. Do I have to add options for all of my endpoints or am I missing something?

Code:
$routes->group('', ['filter' => 'cors'], static function (RouteCollection $routes): void {
  $routes->options('/auth/login', 'Auth::login');
  $routes->post('/auth/login', 'Auth::login');
Reply
  • Offline kenjis
    Administrator
  • *******
  • Posts: 3,349
    Threads: 91
    Joined: Oct 2014
    Reputation: 207
#2
04-13-2024, 07:53 PM

See https://codeigniter4.github.io/CodeIgnit.../cors.html
ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper
Reply




Theme © iAndrew 2016 - Forum software by © MyBB