
CORS issue on accessing API with JWT token

I am facing a CORS issue when accessing a Symfony REST API from Angular with a JWT token.

The IIS server has been configured to access the application with the domain name and the IP address. The front-end code is in the same directory as Symfony.

The front end calls the API with the domain name. Accessing the application from the IP address with a JWT token gives a CORS issue, since the API is pointing to the domain name.

I have set up response headers with the options below in a kernel listener.

I am using lexik/jwt-authentication-bundle to generate token(s).

$responseHeaders->set('Access-Control-Allow-Headers', 'origin, content-type, accept,authorization');
$responseHeaders->set('Access-Control-Allow-Origin', '*');
$responseHeaders->set('Access-Control-Allow-Methods', 'POST, GET, PUT, DELETE, PATCH, OPTIONS');
$responseHeaders->set('Access-Control-Allow-Credentials', true);

I have also set up the Nelmio CORS bundle with the options below:

nelmio_cors:
    defaults:
        allow_credentials: false
        allow_origin: []
        allow_headers: []
        allow_methods: []
        expose_headers: []
        max_age: 0
        hosts: []
        origin_regex: false
        forced_allow_origin_value: ~        
    paths:
        '^/api/':
            allow_origin: ['*']
            allow_headers: ['*']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
            max_age: 3600
        '^/':
            allow_origin: ['*']
            allow_headers: ['*']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
            max_age: 3600

Response Header:

allow: OPTIONS, TRACE, GET, HEAD, POST
content-length: 0
date: Mon, 13 Nov 2017 16:03:22 GMT
public: OPTIONS, TRACE, GET, HEAD, POST
server: Microsoft-IIS/10.0
X-Firefox-Spdy: h2

Thanks in advance!

My web.config (Symfony 4):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
    <rewrite>
        <rules>
            <rule name="Imported Rule 1" stopProcessing="true">
                <match url="^(.*)$" ignoreCase="false" />
                <conditions logicalGrouping="MatchAll">
                    <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
                </conditions>
                <action type="Rewrite" url="index.php" appendQueryString="true" />
            </rule>
        </rules>
    </rewrite>
    <httpProtocol>
     <customHeaders>
       <add name="Access-Control-Allow-Headers" value="origin, content-type, accept,authorization" />
       <add name="Access-Control-Allow-Origin" value="*" />
       <add name="Access-Control-Allow-Methods" value="POST, GET, PUT, DELETE, PATCH, OPTIONS" />
       <add name="Access-Control-Allow-Credentials" value="true" />
     </customHeaders>
   </httpProtocol>
</system.webServer>
</configuration>
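
An allowlist alternative to the wildcard Access-Control-Allow-Origin that both the question and the web.config above combine with Access-Control-Allow-Credentials, shown as an added example that is not code from the question or the answer. The helper name `corsHeaders` is hypothetical and the two origins (one domain name, one IP address) are placeholders constructed for the example.

```php
<?php
declare(strict_types=1);

// Assumption: the front end is served from these two origins (domain name and IP).
// Both values are placeholders constructed for this example.
const ALLOWED_ORIGINS = [
    'https://app.example.test',
    'https://192.0.2.10',
];

/**
 * Hypothetical helper: build the CORS headers for one request.
 * Returns [] when the Origin is missing or not on the allowlist,
 * so the browser refuses the cross-origin read.
 */
function corsHeaders(?string $origin, string $method): array
{
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
        return [];
    }
    $headers = [
        // Echo the exact origin: browsers reject '*' on credentialed requests.
        'Access-Control-Allow-Origin'      => $origin,
        'Access-Control-Allow-Credentials' => 'true', // literal string value
        // The response now differs per Origin, so caches must key on it.
        'Vary'                             => 'Origin',
    ];
    if ($method === 'OPTIONS') {
        // Preflight: name the Authorization header that carries the JWT.
        $headers['Access-Control-Allow-Headers'] = 'origin, content-type, accept, authorization';
        $headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, DELETE, PATCH, OPTIONS';
        $headers['Access-Control-Max-Age']       = '3600';
    }
    return $headers;
}

// Constructed sample requests: [Origin header, HTTP method].
$samples = [
    ['https://app.example.test', 'OPTIONS'],   // preflight from the domain name
    ['https://192.0.2.10', 'GET'],             // same app reached by IP address
    ['https://other.example.test', 'GET'],     // origin not on the allowlist
    [null, 'GET'],                             // same-origin or non-browser client
];
foreach ($samples as [$origin, $method]) {
    $json = json_encode(corsHeaders($origin, $method), JSON_UNESCAPED_SLASHES);
    printf("%-7s %-28s => %s\n", $method, $origin ?? '(no Origin)', $json);
}
```

If headers like these are emitted by the application, the same names should not also be added as IIS customHeaders, because a response carrying two Access-Control-Allow-Origin values fails the browser's CORS check.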
