API CORS

[Andreas Fuchs]

Hi all,

I'm trying to develop a webapp as an interface between Phraseanet and a digital signage solution and I can't get the CORS working correctly. I tried several options with the api_cors configuration but had no success so far. (The configuration was compiled with bin/console comp:conf and is reflected in configuration-compiled.php).

My current configuration is below. I assume allow_headers and expose_headers are not necessary, but I tried to set something everywhere in the end to see if anything would get this working.

api_cors:
    enabled: true
    allow_credentials: true
    allow_origin: '*'
    allow_headers:
        - Access-Control-Allow-Origin
    allow_methods:
        - GET
        - POST
        - PUT
    expose_headers:
        - Access-Control-Allow-Origin
    max_age: 0
    hosts: mediastorage.dsr
session:
    idle: 0
    lifetime: 604800
crossdomain:
    allow-access-from:
        -
            domain: 'localhost:3000'
            secure: 'false'

For now I want to use the v1 search API.

http://mediastorage.dsr/api/v1/search/?oauth_token=sometoken&query=

Any help or ideas would be appreciated. A workaround would always be possible by developing my own small backend to proxy all requests through that, but I'd prefer to talk to the Phraseanet API directly. Thanks in advance for any input :)

Kind Regards,

Andreas

[Andreas Fuchs]

Forgot to mention that I'm using version 4.1.2 with Docker.

[Andreas Fuchs]

Well, Layer 8 problem as suspected.

Got it working with the right format:

api_cors:

    enabled: true

    allow_credentials: false

    allow_origin:

        - '*'

    allow_headers:

        - '*'

    allow_methods:

        - GET

        - POST

        - PUT

    expose_headers: {  }

    max_age: 3600

    hosts:

        - mediastorage.dsr