angularjs cors cakephp-3.0

angularjs - CORS Cakephp 3.0 preflight para poner/eliminar falla



cakephp-3.0 (0)

Estoy tratando de hacer que CORS funcione dentro de mi aplicación. Pero la opción OPCIONES previas para PUT y DELETE está fallando todo el tiempo. Por ejemplo, la solicitud PUT:

OPTIONS /api/events/5b165c71-0676-4d67-aceb-5546aff8ea03 HTTP/1.1 Host: rest.app Connection: keep-alive Access-Control-Request-Method: PUT Access-Control-Request-Headers: accept, content-type Origin: http://frontend.app User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36 Accept: */* Referer: http://frontend.app/events/5b165c71-0676-4d67-aceb-5546aff8ea03/edit Accept-Encoding: gzip, deflate, sdch Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4,fr;q=0.2,it;q=0.2

y la respuesta de mi servidor (CakePHP 3.0)

Access-Control-Allow-Credentials:true Access-Control-Allow-Headers:accept, content-type Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Origin:http://frontend.app Access-Control-Max-Age:86400 Connection:Keep-Alive Content-Type:text/html; charset=UTF-8 Date:Tue, 26 May 2015 15:21:24 GMT Keep-Alive:timeout=5, max=100 Server:Apache Transfer-Encoding:chunked X-DEBUGKIT-ID:75441af3-02b0-4945-a82c-5607287d4994 X-Powered-By:PHP/5.6.7

el mensaje de error es:

OPTIONS http://rest.app/api/events/5b165c71-0676-4d67-aceb-5546aff8ea03 XMLHttpRequest cannot load http://rest.app/api/events/5b165c71-0676-4d67-aceb-5546aff8ea03. Invalid HTTP status code 404

Entonces, la solicitud real no está permitida. Establecí el indicador withCredentials verdadero en Angular. ¿Todavía estoy tratando de solucionar un problema CORS o es el error con CakePHP? Intenté configurar los encabezados con php y con htaccess. Nada funcionó excepto GET y POST.

EDITAR:

encabezados

if (isset($_SERVER[''HTTP_ORIGIN''])) { header("Access-Control-Allow-Origin: {$_SERVER[''HTTP_ORIGIN'']}"); header(''Access-Control-Allow-Credentials: true''); header(''Access-Control-Max-Age: 86400''); // cache for 1 day } if (isset($_SERVER[''HTTP_ACCESS_CONTROL_REQUEST_HEADERS''])) { header("Access-Control-Allow-Headers: {$_SERVER[''HTTP_ACCESS_CONTROL_REQUEST_HEADERS'']}"); } if($_SERVER[''REQUEST_METHOD''] == ''OPTIONS'') { header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS"); }

CakePHP routes.php

$routes->resources(''Chapters'');

EventController

public function edit($id = null) { // $this->autoRender = false; $event = $this->Events->get($id, [ ''contain'' => [] ]); if ($this->request->is([''patch'', ''post'', ''put''])) { $event = $this->Events->patchEntity($event, $this->request->data); if ($this->Events->save($event)) { $message = ''The event has been saved.''; } else { $message = ''The event could not be saved. Please, try again.''; } } $this->set(array( ''event'' => $event, ''_serialize'' => array(''message'') )); }

El cliente que realiza la llamada con Restangular.

Restangular.one(''events'',event.id).put();

$ http no funcionó tan bien como una solicitud simple

solicitud xhr

var xmlhttp = new XMLHttpRequest(); xmlhttp.open(''PUT'',''http://rest.app/api/events/''+event.id,true); xmlhttp.send();

$ http

return $http({ url: ''http://rest.app/api/events/''+event.id, method: "PUT", data: event, dataType: ''json'', withCredentials: true, headers: { ''Content-Type'': ''application/json; charset=utf-8'' } });

EDICION 2:

Acabo de descubrir que si hago esto, funciona incluso si sigo recibiendo un error:

header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS"); if($_SERVER[''REQUEST_METHOD''] == ''OPTIONS'') { die; }

¿Esto me lleva más lejos? Sé que esa no es la solución.

EDIT 3:

Simplemente lo hice funcionar con estos cambios. No estoy seguro si estoy pirateando o si resuelvo CORS ¿verdad?

AngularJS:

$httpProvider.defaults.useXDomain = true; delete $httpProvider.defaults.headers.common[''X-Requested-With'']; $httpProvider.defaults.headers.common[''X-Requested-With''] = ''XMLHttpRequest'';

CAKEPHP webroot / index.php

// Allow from any origin if (isset($_SERVER[''HTTP_ORIGIN''])) { header("Access-Control-Allow-Origin: {$_SERVER[''HTTP_ORIGIN'']}"); header(''Access-Control-Allow-Credentials: true''); header(''Access-Control-Max-Age: 86400''); // cache for 1 day } // Access-Control headers are received during OPTIONS requests if ($_SERVER[''REQUEST_METHOD''] == ''OPTIONS'') { if (isset($_SERVER[''HTTP_ACCESS_CONTROL_REQUEST_METHOD''])) header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE"); if (isset($_SERVER[''HTTP_ACCESS_CONTROL_REQUEST_HEADERS''])) header("Access-Control-Allow-Headers: {$_SERVER[''HTTP_ACCESS_CONTROL_REQUEST_HEADERS'']}"); exit(0); }