Skip to content
This repository has been archived by the owner on Jun 20, 2019. It is now read-only.

has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. #9

Closed
danisetg opened this issue Feb 14, 2019 · 1 comment
Closed

has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. #9

danisetg opened this issue Feb 14, 2019 · 1 comment
Assignees
@mtangoo
Labels
bug

Comments

@danisetg
Copy link

danisetg commented Feb 14, 2019
edited
Loading

Hi, I am building an Api restful using yii2, and I have installed the vendor for managing the oauth2 authentication, but I am having some troubles with the login. When I try it from insomnia everything goes great:
image

But when I try it out from my angular 7 front app, I receive the error:
Access to XMLHttpRequest at 'http://localhost:8080/oauth2/token' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Cross-Origin Read Blocking (CORB) blocked cross-origin response http://localhost:8080/oauth2/token with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

Even if the post request returns the status code 200, the response is blocked and doesn't show.

This is my behavior function in SiteController:

 public function behaviors()
    {
        $behaviors = parent::behaviors();
        unset($behaviors['authenticator']);
        return [
            'corsFilter' => [
                'class' => \yii\filters\Cors::class,
                'cors' => [
                    // restrict access to
                    'Origin' => ['*'],
               // Allow  methods
                    'Access-Control-Request-Method' => ['POST', 'PUT', 'OPTIONS', 'GET'],
                    // Allow only headers 'X-Wsse'
                    'Access-Control-Request-Headers' => ['*'],
                    'Access-Control-Allow-Headers' => ['Content-Type'],
                    // Allow credentials (cookies, authorization headers, etc.) to be exposed to the browser
                    //'Access-Control-Allow-Credentials' => true,
                    // Allow OPTIONS caching
                    'Access-Control-Max-Age' => 3600,
                    // Allow the X-Pagination-Current-Page header to be exposed to the browser.
                    'Access-Control-Expose-Headers' => ['*'],
                ],
            ],
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['logout'],
                'rules' => [
                    [
                        'actions' => ['logout'],
                        'allow' => true,
                        'roles' => ['@'],
                    ],
                ],
            ],
            'verbs' => [
                'class' => VerbFilter::className(),
                'actions' => [
                    'logout' => ['post'],
                ],
            ],
        ];
    }

Can someone give me a hand with this please
@mtangoo mtangoo self-assigned this Mar 5, 2019
@mtangoo mtangoo added the bug label Mar 5, 2019
@mtangoo
Copy link
Contributor

mtangoo commented Mar 5, 2019

It should be fixed with your PR. If not please reopen it

@mtangoo mtangoo closed this as completed Mar 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mtangoo mtangoo

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mtangoo @danisetg