+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Add CORS headers to 404 page (/showthread.php?tid=86691)
Pages:
1
2
Add CORS headers to 404 page - ozornick - 02-12-2023
I have configured headers for requests. It works great. But when the browser sends CORS the OPTIONS pre request, my filter won't work for 404 pages. Where is the best place for me to fix this behavior?
Code:
Request URL: http://api.me/users/register2
Request Method: OPTIONS
Status Code: 404 Not Found
Remote Address: 127.0.0.100:80
Referrer Policy: strict-origin-when-cross-originRE: Add CORS headers to 404 page - InsiteFX - 02-12-2023
Please show your code where you are setting the CORS headers so that we can help you.
RE: Add CORS headers to 404 page - ozornick - 02-12-2023
i add filter to $before global in Filters.
In filter method before() set new response if request method OPTIONS and return $response->setHeader(...)
Oh, I may have found a mistake - always add 200 status. I'll try later
RE: Add CORS headers to 404 page - InsiteFX - 02-12-2023
Ok, let me know how you make out with this problem.
RE: Add CORS headers to 404 page - ozornick - 02-13-2023
No. I set status code. But filter not loaded by 404 page
PHP Code:
public function before(RequestInterface $request, $arguments = null)
{
$response = response()->setStatusCode(200)
->setHeader('Access-Control-Allow-Methods', '*')
->setHeader('Access-Control-Allow-Credentials', 'true')
->setHeader('Access-Control-Allow-Origin', 'http://localhost:3000')
->setHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization');
if ('options' === $request->getMethod()) {
return $response;
}
}
RE: Add CORS headers to 404 page - InsiteFX - 02-13-2023
Try changing the below, I do my CORS in the .htaccess file.
PHP Code:
// Change this
->setHeader('Access-Control-Allow-Methods', '*')
// To this and see if it works.
->setHeader('Access-Control-Allow-Methods', 'GET,POST,OPTIONS,DELETE,PUT')
RE: Add CORS headers to 404 page - ozornick - 02-13-2023
No, no. Problem is specifically in the filters. They do not apply to the 404 page. I do a "stop as dd()" in filter, but it doesn't even work.
In normal mode, my headers (with *) are sent without errors
RE: Add CORS headers to 404 page - InsiteFX - 02-14-2023
I don't know who wrote this CORS Filter but here goes.
You may need to change the namespace etc for yours.
PHP Code:
<?php
namespace Modules\Common\Filters;
use CodeIgniter\config\Services;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\Response;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Filters\FilterInterface;
class CorsFilter implements FilterInterface
{
public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
{
}
public function before(RequestInterface $request, $arguments = null)
{
if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
$origin = $_SERVER['HTTP_ORIGIN'];
} else if (array_key_exists('HTTP_REFERER', $_SERVER)) {
$origin = $_SERVER['HTTP_REFERER'];
} else {
$origin = $_SERVER['REMOTE_ADDR'];
}
$allowed_domains = [
'http://localhost:4200',
'https://exmple.com',
'https://www.exmple.com',
];
if (in_array($origin, $allowed_domains)) {
header('Access-Control-Allow-Origin: ' . $origin);
}
header("Access-Control-Allow-Headers: Origin, X-API-KEY, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Allow-Headers, Authorization, observe, enctype, Content-Length, X-Csrf-Token");
header("Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS");
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Max-Age: 3600");
header('content-type: application/json; charset=utf-8');
$method = $_SERVER['REQUEST_METHOD'];
if ($method == "OPTIONS") {
header("HTTP/1.1 200 OK CORS");
exit();
}
}
}
RE: Add CORS headers to 404 page - ozornick - 02-14-2023
It eqal my filter. But i return $response, in your example hard exit().
This won't work because the high-level filter isn't called. My dd() didn't stop
RE: Add CORS headers to 404 page - kenjis - 08-04-2023
@ozornick Why do you need to apply filters to 404 page?
For what?