Cors policy filter not work

I make a filter to fix CORS Policy errors:

CorsFilter.php:

PHP Code:

namespace App\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;

class CorsFilter implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = null)
    {

        header('Access-Control-Allow-Origin: *');
        header("Access-Control-Allow-Methods: HEAD, GET, POST, PUT, PATCH, DELETE, OPTIONS");
        header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method,Access-Control-Request-Headers, Authorization");
        header('Content-Type: application/json');
        $method = $_SERVER['REQUEST_METHOD'];
        if ($method == "OPTIONS") {
            header('Access-Control-Allow-Origin: *');
            header("Access-Control-Allow-Headers: X-API-KEY, Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method,Access-Control-Request-Headers, Authorization");
            header("HTTP/1.1 200 OK");
            die();
        }

    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        //
    }
} 


Filters.php

PHP Code:

    public array $aliases = [
        'csrf'          => CSRF::class,
        'toolbar'      => DebugToolbar::class,
        'honeypot'      => Honeypot::class,
        'invalidchars'  => InvalidChars::class,
        'secureheaders' => SecureHeaders::class,
        'cors'          => CorsFilter::class //Add
    ];

    public array $globals = [
        'before' => [
            // 'honeypot',
            // 'csrf',
            // 'invalidchars',
            'cors' //Add
        ],
        'after' => [
            'toolbar',
            // 'honeypot',
            // 'secureheaders',
        ],
    ]; 


Routes.php:

PHP Code:

$routes->post('api/login', 'Api\Auth\LoginController::jwtLogin', ['filter' => 'cors']); 


Now in action CorsFilter Doesn't work and I've faced with this error:

Code:

Access to XMLHttpRequest at 'http://api/auth/jwt' from origin 'http://localhost:5173' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Just For Test: I put my code in index.php and surprisingly, this worked truly and fix CORS policy errors.

How to create a filter to fix CORS policy errors?!

You need to set OPTIONS routes.
If there is no route, control filters does not execute.

Also, you should not send 'Access-Control-Allow-Origin: *'.
You should set your origin URL.

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper

You need to set OPTIONS routes.
If there is no route, control filters does not execute.

Also, you should not send 'Access-Control-Allow-Origin: *'.
You should set your origin URL.

I changed routes to:

Code:

$routes->options('api/login', 'Api\Auth\LoginController::jwtLogin', ['filter' => 'cors']);

And Changed:

Code:

header('Access-Control-Allow-Origin: http://localhost:5173');

Both of them return same error.

Is the route correct? You need to define all routes for OPTIONS requests.

First of all, everyone should understand what CORS is.
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper

See CodeIgniter 4 CORS configuration.

ci-phpunit-test | CodeIgniter Testing Guide | CodeIgniter 3 to 4 Upgrade Helper