Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support Ci4 weird CORS issue
Ci4 weird CORS issue
  • Offline De0x95
    Newbie
  • *
  • Posts: 4
    Threads: 3
    Joined: Aug 2023
    Reputation: 0
#1
08-20-2023, 11:29 PM
(This post was last modified: 08-20-2023, 11:35 PM by De0x95.)

Hey Guys,

im still new to web development so please dont judge me Big Grin

Ive been trying to create a RESTful API with Ci4 and the frontend is VueJs3.

The frontend has the url "beta.example.de" and the API is another subdomain "api.example.de"
This is my Filter:
PHP Code:
<?php namespace App\Filters;

use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Filters\FilterInterface;


class CORS implements FilterInterface
{
    public function after(RequestInterface $requestResponseInterface $response$arguments null)
    {


    }

    public function before(RequestInterface $request$arguments null)
    {
        header("Access-Control-Allow-Origin: *");
        header("Access-Control-Allow-Headers: X-API-KEY, Origin,X-Requested-With, Content-Type, Accept, Access-Control-Requested-Method, Authorization");
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PATCH, PUT, DELETE");
        $method $_SERVER['REQUEST_METHOD'];
        if($method == "OPTIONS"){
            die();
        }
    }

And this is my request:
Code:
const guest = axios.create({
        baseURL: "https://api.example.de/"
      });

      await guest.get('bitte/test').then(function(res) {
        console.log(res);
      })

If anyone could tell me what Im missing here it would be very much appreciated.
Nevermind guys...

In the Filters.php I simply wrote "
PHP Code:
'cors' => CORS::Class, 
".
Apparently I hat to specify the path as "
Code:
'cors' => \App\Filters\CORS::class,
"
Reply
  • Offline InsiteFX
    Super Moderator
  • ******
  • Posts: 6,341
    Threads: 292
    Joined: Oct 2014
    Reputation: 235
#2
08-21-2023, 09:09 PM
(This post was last modified: 08-21-2023, 09:40 PM by InsiteFX. Edit Reason: added CORS code )

Dont use the * on a live web site:


Code:
Header set Access-Control-Allow-Origin "*"


Code:
## .htaccess Control For CORS Configuration

# Add Font Awesome Font Types
AddType application/vnd.ms-fontobject .eot
AddType application/x-font-ttf        .ttf
AddType application/x-font-opentype  .otf
AddType application/font-woff        .woff
AddType application/font-woff2        .woff2

<IfModule mod_headers.c>
    <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg|svgz|jpg|png|wep|ico|font.css|css|js)$">
        ## un-remark this one for all access and remark out the one below it
        ## very un-secure!!!
        #Header set Access-Control-Allow-Origin "*"
        ## Change this to your local host url. and https or http
        Header add Access-Control-Allow-Origin: "https://yoursite.com"
        Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
        Header add Access-Control-Allow-Headers: "Upgrade-Insecure-Requests"
    </FilesMatch>
</IfModule>

See if that shows you whats wrong.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
  • Offline demyr
    Senior Member
  • ****
  • Posts: 313
    Threads: 17
    Joined: Sep 2018
    Reputation: 6
#3
08-22-2023, 02:57 AM

(08-21-2023, 09:09 PM)InsiteFX Wrote: Dont use the * on a live web site:



Hi @InsiteFX , You're right, it's not correct to use * on a live website but do you have any experience for mobile apps? AFAIK they do not have any specific url/domain etc. How can we allow only for our mobile app?
Reply
  • Offline ozornick
    Super Moderator
  • ******
  • Posts: 316
    Threads: 20
    Joined: Jul 2022
    Reputation: 16
#4
08-22-2023, 08:47 AM

App is not required by CORS, it is only for browsers. There is an exception when the app is a web client
Reply
  • Offline InsiteFX
    Super Moderator
  • ******
  • Posts: 6,341
    Threads: 292
    Joined: Oct 2014
    Reputation: 235
#5
08-22-2023, 09:10 PM

[quote pid="411990" dateline="1692698256"]
Any non-conforming client (such as in a mobile app, or just a shell script invoking curl ),
can and usually will completely ignore CORS. Such clients don't have a Same-Origin Policy to begin with,
so there's nothing for CORS to make holes in and therefore it does nothing.

--------------------------------------------------------------------------------------------------------------------------------------------
[/quote]
(08-22-2023, 02:57 AM)demyr Wrote:
(08-21-2023, 09:09 PM)InsiteFX Wrote: Dont use the * on a live web site:



Hi @InsiteFX , You're right, it's not correct to use * on a live website but do you have any experience for mobile apps? AFAIK they do not have any specific url/domain etc. How can we allow only for our mobile app?
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
  • Offline demyr
    Senior Member
  • ****
  • Posts: 313
    Threads: 17
    Joined: Sep 2018
    Reputation: 6
#6
08-24-2023, 04:12 AM

(08-22-2023, 08:47 AM)ozornick Wrote: App is not required by CORS, it is only for browsers. There is an exception when the app is a web client

So you guys mean, I should write my own domain for the
 
Code:
Header set Access-Control-Allow-Origin "*"
  
part and just keep going on with the app?
Reply




Theme © iAndrew 2016 - Forum software by © MyBB