OPTIONS request and Access-Control-Allow-Headers

Question

OPTIONS request and Access-Control-Allow-Headers

Closed this issue 5 years ago · 4 comments

I implemented JWT in my API and now I need to send the token as an Authorization header.
Problem is that whenever I make OPTIONS request to the endpoint the response I get in Access-Control-Allow-Headers is Content-Type.

What should I do?
Thanks

Answer 1 · 2019-05-02T15:55:36.000Z

Can you give a code example please.

Answer 2 · 2019-05-02T16:26:44.000Z

Sure, here is the simplest example:

use Respect\Rest\Router;

$r3 = new Router;
$r3->get('/endpoint', function() {
    return 'Hello World';
});

Then in postman I make an OPTIONS request to /endpoint and in the response header I see:
Access-Control-Allow-Headers →Content-Type

But I would need:
Access-Control-Allow-Headers →Content-Type, Authorization

Because I send a bearer token with my requests in the Authorization header.

Answer 3 · 2019-05-03T10:07:33.000Z

So I managed to solve this issue on my end, it's nothing urgent anymore.

This was caused by CORS: I'm running apache on localhost:80 where my api lives and my front-end runs on localhost:8080. Chrome was issuing the OPTIONS preflight request because of this. I made a proxy from 8080 to 80 and all works as expected.

Answer 4 · 2019-05-28T17:22:58.000Z

@angi- Glad you find a solution.

Closed: Resolved