Hello,
I succeeded in allowing CORS middleware.
But apiCorsAllowedOriginList seems to have no effect if you add mod_headers in your .htaccess
Like him in this post, I had to add headers to make the CORS middleware works :
And when mod_headers are added then, it seems apiCorsAllowedOriginList has no effect
So I made it works ! Yeah !
So for info here is the code :
Here is my .htaccess file /public/api/v1/.htaccess
Added this on data/config.php
------
For the record and for anyone who is struggling with the CORS Middleware, here is the rest of my files as an example.
Added this in custom/Espo/Custom/Resources/routes.json
this in custom/Espo/Custom/Resources/metadata/app/api.json
So it works. I had to modify/create 4 files in total.
I'm sharing this mostly for other people, but if anyone can answer theses 2 questions :
1. Is it normal ? Maybe .htaccess rules overwrite config.php rules and that's normal.
2. In which case apiCorsAllowedOriginList works ?
Have a great day.
---
After further looking, it seems a normal behavior.
But I'm happy to share what made it works.
I succeeded in allowing CORS middleware.
But apiCorsAllowedOriginList seems to have no effect if you add mod_headers in your .htaccess
Like him in this post, I had to add headers to make the CORS middleware works :
And when mod_headers are added then, it seems apiCorsAllowedOriginList has no effect
So I made it works ! Yeah !
So for info here is the code :
Here is my .htaccess file /public/api/v1/.htaccess
Code:
<IfModule mod_headers.c> Header always set Access-Control-Allow-Origin "https://LANDINGPAGEwebsite.com" Header always set Access-Control-Allow-Methods "POST, OPTIONS" Header always set Access-Control-Allow-Headers "Content-Type, Accept, X-Api-Key" Header always set Access-Control-Allow-Credentials "true" </IfModule>
Code:
return [ 'apiCorsAllowedOriginList' => [ 0 => 'https://FAKEwebsite.com' // I allowed ONLY one other website to test but I could post from "https://LANDINGPAGEwebsite.com" so it had no effect. I can remove it completely ], 'apiCorsAllowedMethodList' => [ // I only allowed POST and OPTIONS in my case, but here the possibilities from what I 0 => 'GET', 1 => 'POST', 2 => 'PUT', 3 => 'PATCH', 4 => 'DELETE', 5 => 'OPTIONS' ], 'apiCorsAllowedHeaderList' => [ 0 => 'Content-Type', 1 => 'Accept', 2 => 'X-Api-Key' ],
For the record and for anyone who is struggling with the CORS Middleware, here is the rest of my files as an example.
Added this in custom/Espo/Custom/Resources/routes.json
Code:
[ { "route": "/Lead/:id", "method": "options" }, { "route": "/Lead", "method": "options" } ]
Code:
{ "globalMiddlewareClassNameList": [ "Espo\\Tools\\Api\\Cors\\Middleware" ] }
I'm sharing this mostly for other people, but if anyone can answer theses 2 questions :
1. Is it normal ? Maybe .htaccess rules overwrite config.php rules and that's normal.
2. In which case apiCorsAllowedOriginList works ?
Have a great day.
---
After further looking, it seems a normal behavior.
But I'm happy to share what made it works.