I have a mobile app that uses an API to authenticate a user via a login form.
This has been working fine up until today, and now when I attempt to log in I get the following message in the console log:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://myapp.local/myAppApi/V1/appLogin.
This can be fixed by moving the resource to the same domain or enabling CORS.
Obviously, from reading the message, I need to enable CORS. Within my myApiController.php I have the following code in my Yii application that I believe should be doing this:
    protected function _renderJSON($status = 200)
    {
        $statusCodeMessage = $this->_getStatusCodeMessage($status);
        header("HTTP/1.1 {$status} {$statusCodeMessage}");
        // allow for Cross Origin Resource Sharing
        header("Access-Control-Allow-Origin: *");
        header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE");
        header("Access-Control-Allow-Headers: Authorization");
        header('Content-type: application/json');
        echo CJSON::encode($this->jsonArray);
        foreach (Yii::app()->log->routes as $route) {
            if ($route instanceof CWebLogRoute) {
                $route->enabled = false; // disable any weblogroutes
            }
        }
        Yii::app()->end();
    }
Could anyone assist on how I can fix this? The app is made with the Cordova framework and the API it connects to works via a PHP app built using Yii.
Any advice would be appreciated.
-- UPDATE -- I have added the following to my htaccess to no joy however
    <ifModule mod_headers.c>
        # Quote values that contain spaces, otherwise Apache reads them as extra arguments
        Header set Access-Control-Allow-Origin "*"
        Header set Access-Control-Allow-Headers "Authorization"
        Header set Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT, DELETE"
    </ifModule>
-- UPDATE -- I've come across this link which looks useful https://gist.github.com/sourcec0de/4237402
Open a network tab in your console. In the response header look for the Access-Control-Allow-Origin header. If it does not exist then add it as a middleware in the way we discussed above. If it does exist then make sure there is no URL mismatch with the website.
Cross-Origin Read Blocking (CORB) is an algorithm that can identify and block dubious cross-origin resource loads in web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages.
The CORS behavior, commonly termed a CORS error, is a mechanism to restrict users from accessing shared resources. This is not an error but a security measure to secure users or the website which you are accessing from a potential security breach.
Try adding the code below in the API controller constructor; it works for me.
    header("Access-Control-Allow-Origin: *");
    header("Access-Control-Allow-Methods: PUT, GET, POST");
    header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
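As an added example (not code from the question or the answers): a stricter alternative to the wildcard header that allows only listed origins and answers the preflight OPTIONS request a browser sends before a cross-origin request carrying an Authorization header. The origins, the helper names corsDecision and applyCors, and PHP 7.1+ are assumptions.

```php
<?php
// Added example. The origins below are constructed placeholders.
const ALLOWED_ORIGINS = ['http://localhost:8000', 'https://app.example.com'];
const ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'DELETE'];
const ALLOWED_HEADERS = ['authorization', 'content-type'];

// Hypothetical helper. Returns [status, headers]; a non-null status means
// "send the headers, answer with this status and stop".
function corsDecision(string $method, ?string $origin, ?string $reqMethod, ?string $reqHeaders): array
{
    if ($origin === null) {
        return [null, []]; // same-origin or non-browser request: nothing to add
    }
    $headers = ['Vary' => 'Origin']; // caches must not reuse a reply across origins
    // Exact match against the allowlist; never echo back an arbitrary Origin.
    if (!in_array($origin, ALLOWED_ORIGINS, true)) {
        return [$method === 'OPTIONS' ? 403 : null, $headers];
    }
    $headers['Access-Control-Allow-Origin'] = $origin;
    // A preflight is an OPTIONS request carrying Access-Control-Request-Method.
    if ($method !== 'OPTIONS' || $reqMethod === null) {
        return [null, $headers];
    }
    $wanted = array_filter(array_map('trim', explode(',', strtolower($reqHeaders ?? ''))));
    if (!in_array(strtoupper($reqMethod), ALLOWED_METHODS, true)
        || array_diff($wanted, ALLOWED_HEADERS)) {
        return [403, $headers]; // method or header outside the allowlist
    }
    $headers['Access-Control-Allow-Methods'] = implode(', ', ALLOWED_METHODS);
    $headers['Access-Control-Allow-Headers'] = implode(', ', ALLOWED_HEADERS);
    return [204, $headers];
}

// Call before any controller logic, e.g. at the top of the entry script.
function applyCors(): void
{
    [$status, $headers] = corsDecision(
        $_SERVER['REQUEST_METHOD'] ?? 'GET',
        $_SERVER['HTTP_ORIGIN'] ?? null,
        $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] ?? null,
        $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] ?? null
    );
    foreach ($headers as $name => $value) {
        header("$name: $value");
    }
    if ($status !== null) {
        http_response_code($status);
        exit;
    }
}
```

A non-preflight request from an unlisted origin still reaches the controller; CORS only stops the browser from reading the response, so the API's own authentication remains the access control.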