Tweet
Hello,
I succeeded in allowing CORS middleware.
And just wanted to share because I struggled to understand.
Like him in this post, I had to add headers to make the CORS middleware works :
https://forum.espocrm.com/forum/gene...791#post108791
And when mod_headers are added then, apiCorsAllowed... in config.php is useless.
So for info here is the code.
data/config.php
If it does not work you don't need to modify the config.php.
But you need to add mod_headers to your .htaccess
.htaccess file /public/api/v1/.htaccess
So only one of this file is needed.
---
Then this in custom/Espo/Custom/Resources/routes.json
this in custom/Espo/Custom/Resources/metadata/app/api.json
Have a great day.
I succeeded in allowing CORS middleware.
And just wanted to share because I struggled to understand.
Like him in this post, I had to add headers to make the CORS middleware works :
https://forum.espocrm.com/forum/gene...791#post108791
And when mod_headers are added then, apiCorsAllowed... in config.php is useless.
So for info here is the code.
data/config.php
Code:
return [ 'apiCorsAllowedOriginList' => [ 0 => 'https://FAKEwebsite.com' ], 'apiCorsAllowedMethodList' => [ 0 => 'GET', 1 => 'POST', 2 => 'PUT', 3 => 'PATCH', 4 => 'DELETE', 5 => 'OPTIONS' ], 'apiCorsAllowedHeaderList' => [ 0 => 'Content-Type', 1 => 'Accept', 2 => 'X-Api-Key' ],
But you need to add mod_headers to your .htaccess
.htaccess file /public/api/v1/.htaccess
Code:
<IfModule mod_headers.c> Header always set Access-Control-Allow-Origin "https://LANDINGPAGEwebsite.com" Header always set Access-Control-Allow-Methods "POST, OPTIONS" Header always set Access-Control-Allow-Headers "Content-Type, Accept, X-Api-Key" Header always set Access-Control-Allow-Credentials "true" </IfModule>
---
Then this in custom/Espo/Custom/Resources/routes.json
Code:
[
{
"route": "/Lead/:id",
"method": "options"
},
{
"route": "/Lead",
"method": "options"
}
]
Code:
{
"globalMiddlewareClassNameList": [
"Espo\\Tools\\Api\\Cors\\Middleware"
]
}