CORS headers [team]

posted in: AngularJS, API | 0

The CORS headers which worked for me on PHP Apache and Chrome are:

header(“Access-Control-Allow-Origin: {$_SERVER[‘HTTP_ORIGIN’]}”);
header(‘Access-Control-Allow-Credentials: true’);
header(‘Access-Control-Max-Age: 0’);
header(“Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS”);
header(“Access-Control-Allow-Headers: {$_SERVER[‘HTTP_ACCESS_CONTROL_REQUEST_HEADERS’]}”);

For every POST, PUT, DELETE there are 2 requests (if you don’t cache the result).

The first is apparently refused, but in the header “accept” is passed in the first response which appears unsuccessful if you are not keeping an eye on the headers here:

Access-Control-Allow-Headers: accept

Then the next request appears to ask again, but this time succeeds at the PUT, POST or DELETE.

HTTP/1.1 200 OK
Date: Sat, 21 Feb 2015 21:19:08 GMT
Server: Apache
Access-Control-Allow-Origin: http://localhost:3000
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 24000
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: accept, content-type
Content-Length: 77
Content-Type: application/json; charset=utf-8

Leave a Reply