Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’

public function behaviors() {

        // LogactionBehavior::className(),
        $behaviors = parent::behaviors();
        // $behaviors['corsFilter'] = [
        //      'class' => \yii\filters\Cors::className(),
        //      'cors' => [
        //         // restrict access to domains:
        //         'Origin'                           => static::allowedDomains(),
        //         'Access-Control-Request-Method'    => ['POST'],
        //         'Access-Control-Allow-Credentials' => true,
        //         'Access-Control-Max-Age'           => 3600,                 // Cache (seconds)
        //     ],
        // ];
        $behaviors['corsFilter'] = [
               'class' => \yii\filters\Cors::className(),
               'cors' => [
                   'Origin' => ['*'],
                   'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
                   'Access-Control-Request-Headers' => ['*'],
                   'Access-Control-Allow-Credentials' => false,
               ],
           ];
        $behaviors['authenticator'] = [
            'class' => HttpBearerAuth::className(),
            'except' => ['login', 'refresh'],
        ];

        return $behaviors;
    }

Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’

Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’

categories

POPULAR