The background:
I have a slim based API created and currently running at a local domain, e.g localhost/api
I have a mobile app using the ionic framework (based off of angular) and have the following code using the httpClient as http:
let accessurl = this.general.apiURL + '/v2/update/status/' + this.machineToChange;
const headers = new HttpHeaders()
.set('Authorization', 'Bearer: ' + this.general.apiKey);
this.http.put(accessurl, {
statusFuelled: 1
}, { headers: headers }).subscribe(result => {
console.log(JSON.stringify(result));
}, err => {
console.log(JSON.stringify(err));
});
I have tried every stack overflow question i could find to let the slim framework disable cors, here is just a few:
$app->options('/update/status/{machineNo}', function ($request, $response) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
return $response->withStatus(200);
});
Or:
//http://stackoverflow.com/questions/18382740/cors-not-working-php
if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
exit(0);
}
Or:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
header('Content-Type: application/json');
Or in .HTACCESS:
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
Header add Access-Control-Allow-Headers: Content-Type
And many more middlewares using composer.
I have also ran the code from the Slim Website with no success.
Non have worked, and it is causing me so much trouble, so i just want CORS disabled permanently as it is doing way more harm than good.
I have no idea where the issue is being caused by, a wrong httpClient request or CORS being a pain like normal.
If anyone could help, please let me know.
I'm running PHP 5.6 due to server restrictions, so middlewares like tuupola/cors won't work due to being PHP <7
Some errors:
Safari Throws: Failed to load resource: Preflight response is not successful
Chrome Throws: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access. The response had HTTP status code 405.
Chrome also Throws: OPTIONS http://localhost/api/v2/update/status/{ID} 405 (Method Not Allowed)