Cross-domain preflight OPTIONS is FORBIDDEN

Updated code and reason below


I am creating a client-side application that can talk to Phil Sturgeon's REST server application.

The problem is trying to request a login method. I get OPTIONS http://site/api/login 403 (Forbidden) and OPTIONS http://site/api/login Invalid HTTP status code 403.

I enabled CORS both at the server level and at the Apache level, in the hope that it could change the response messages. In application/config/config.php

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS');
header('Access-Control-Allow-Headers: X-API-KEY, X-AUTH-TOKEN');
// header('Access-Control-Allow-Methods: OPTIONS, true, 200'); <- tried this also

Apache level in httpd.conf

Header always set Access-Control-Allow-Origin "*"                   
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, PUT, DELETE"

jQuery code; I have commented out previous approaches to sending different headers. If X-API-KEY is not specified, it returns the corresponding error {"status":false,"error":"Invalid API Key."}

$.ajax({
    type: "POST",
    url: "http://site/api/login",
    data: {data : encrypted_login},
    headers: {"X-API-KEY": "_API_KEY_"},
    // headers: {"X-API-KEY": "_API_KEY_", "Content-Type":  "application/x-www-form-urlencoded"},
    // beforeSend: function( xhr ) {
        // xhr.overrideMimeType( "application/x-www-form-urlencoded;" );
        // xhr.setRequestHeader('X-API-KEY', '_API_KEY_');
        // xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded;');
        // Tried different Content-Types to try avoid the pre-flight call
    // },
    // crossDomain: true,
    // dataType: 'json',
    success: function(data) {
       console.log('success' + data); // show response from the PHP .
    },
    error: function(XMLHttpRequest, textStatus, errorThrown){
        alert(errorThrown); // throws empty
    },
    fail: function(data) {
        console.log('fail login : ',data);
    }
});

Restoration OPTION, PATCH HEAD. , , 200. , .

function login_options(){
    $this->response(array('response' => 'Hello World!'), 200);
}

. chrome POSTMAN , login_options, .

: - Phil Sturgeons, , . 3.0.0-pre

: . API .




Update:

. , , Phil Sturgeons .

, , .

httpd-vhosts.conf

<VirtualHost *>
DocumentRoot "/Users/admin/Sites/rest_library"
ServerName rest_library
ErrorLog "/private/var/log/apache2/rest_library-error_log"
CustomLog "/private/var/log/apache2/rest_library-access_log" common
<Directory "/Users/admin/Sites">
    AllowOverride All
    Options Indexes FollowSymLinks MultiViews
    Order allow,deny
    Allow from all
</Directory>
</VirtualHost>

mates httpd-vhosts.conf

<VirtualHost *:80>
  ServerName restserver
  DocumentRoot "/Users/admin/Sites/codeigniter-restserver"
  DirectoryIndex index.php
  <Directory "/Users/admin/Sites/codeigniter-restserver">
    AllowOverride All
    Allow from All
  </Directory>
</VirtualHost>

, http://localhost/rest_library/api/. CNAMES, . , , , , , .

, Access-Control-Allow-Headers , Access-Control-Allow-Credentials,

header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN']);

Source: https://habr.com/ru/post/1525316/
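
The preflight behaviour described in the question, modelled as an added example that is not part of the original post: it shows why a POST carrying X-API-KEY always triggers an OPTIONS preflight regardless of Content-Type, and why that preflight fails on a 403 or on a missing Access-Control-Allow-Headers entry. The function names are hypothetical, the rules are a simplified form of the Fetch specification for non-credentialed requests, and the inputs are constructed from the headers shown in the question.

```javascript
// Added example: simplified model of the browser's CORS preflight rules.
const SAFE_METHODS = ["GET", "HEAD", "POST"];
const SAFE_HEADERS = ["accept", "accept-language", "content-language", "content-type"];
const SAFE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];

// Request header names (lowercased) that force a preflight.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (!SAFE_HEADERS.includes(n)) return true;
    const type = String(value).split(";")[0].trim().toLowerCase();
    return n === "content-type" && !SAFE_TYPES.includes(type);
  }).map(([name]) => name.toLowerCase());
}

function needsPreflight(method, headers) {
  return !SAFE_METHODS.includes(method.toUpperCase()) || unsafeHeaders(headers).length > 0;
}

// Evaluate a preflight response: null means the real request may be sent,
// otherwise the reason the browser blocks it.
function preflightError(resp, method, headers) {
  if (resp.status < 200 || resp.status > 299) return "preflight status " + resp.status;
  const h = {};
  for (const [k, v] of Object.entries(resp.headers)) h[k.toLowerCase()] = v;
  const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  if (!h["access-control-allow-origin"]) return "no Access-Control-Allow-Origin";
  const methods = list(h["access-control-allow-methods"]);
  const m = method.toUpperCase();
  if (!SAFE_METHODS.includes(m) && !methods.includes(m.toLowerCase()) && !methods.includes("*"))
    return "method " + m + " not allowed";
  const allowed = list(h["access-control-allow-headers"]);
  for (const name of unsafeHeaders(headers))
    if (!allowed.includes(name) && !allowed.includes("*")) return "header " + name + " not allowed";
  return null;
}

// Constructed inputs mirroring the question: POST carrying X-API-KEY.
const request = { method: "POST", headers: { "X-API-KEY": "_API_KEY_" } };
const phpHeaders = { // the header() calls from application/config/config.php
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Methods": "GET, POST, PUT, OPTIONS",
  "Access-Control-Allow-Headers": "X-API-KEY, X-AUTH-TOKEN",
};
const apacheHeaders = { // the httpd.conf lines: no Access-Control-Allow-Headers
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Methods": "POST, GET, OPTIONS, PUT, DELETE",
};
console.log(preflightError({ status: 403, headers: phpHeaders }, request.method, request.headers));
```

The browser sends the preflight without the X-API-KEY header, so a server that runs its API-key check on OPTIONS requests rejects the preflight before the CORS headers are ever evaluated.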

