peterp
February 16, 2022, 3:32pm
1
Hi all,
i have some routes in my kirby project which have to be accessible via api from a subdomain.
I put this into my config.php at the beginning:
header(‘Access-Control-Allow-Origin: https://mysudomain.domain.de/ ’);
I am always getting: has been blocked by CORS policy
With postman from my local machine it works…
I am using nuxt 2 with axios to make the call.
any ideas?
texnixe
February 16, 2022, 6:08pm
2
Maybe you have a typo and remove the trailing slash.
peterp
February 17, 2022, 6:21am
3
Hi,
i tried everything, with / without slash.
Api route and normal route.
this.$axios.post('http://test.local.com/api/tester', {'token' : 'test12'})
.then(resp => {
http://test.local.com/test/tester //normal route
Always runs into “has been blocked by CORS policy”. With nuxt proxy ist works locally but not the server build.
config.php first line:
header('Access-Control-Allow-Origin: http://localhost:3000');
Is there any middleware to bypass or anything else?
KR
texnixe
February 17, 2022, 6:52am
4
If you use the API, you need to authenticate. Although that is another problem. Have you tried setting the access control header to *
for testing?
peterp
February 17, 2022, 6:55am
5
yes i know, in postman i am getting the “Unauthenticated” message calling: /api/tester. Which i like cause i know this reaches the endpoint. With nuxt always cors…
texnixe
February 17, 2022, 6:56am
6
Well, Postman doesn’t send a javascript request, hence no CORS issues.
peterp
February 17, 2022, 6:59am
7
yes, it does not.
Do i need “Access-Control-Allow-Origin” in config.php /htaccess or index.php?
Hey max,
I’m stuck at the same point. I’m trying to integrate Kirby as headless with my Nuxt.js frontend via KQL Plugin.
No matter what I try, I always end up in the same CORS Preflight error… I’ve found two working solutions, but none of them make much sense to me:
Use a Netlify Proxy to bypass the Preflight. (we cannot host our website in netlify)
Have the Backend and Frontend in the same domain frontend.com and frontend.com/kirbybackend and make the requests to that specific route…
Have …
Really a bug? It must be a config problem…
peterp
February 17, 2022, 10:30am
8
I have got the solution…
in your htaccess at the beginning:
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "Content-Type"
and really important:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
hope this will help others.
2 Likes