angularjs – Access-Control-Allow-Origin: * does not work for all my domains

Question:

I have four applications that use the same API, and Access-Control-Allow-Origin: * don't count at all, the only application that doesn't work is the one using Zend Framework 2 and Symfony, I don't know if it could have anything to see.

Suppose http://cloud.localhost.com.br is the URL of the application that doesn't work with *

When I switch to Access-Control-Allow-Origin:http://cloud.localhost.com.br for example, it works normally. In other words, if it works with URL, I suppose you have a problem with Access-Control-Allow-Origin: * .

API configuration:

return array(
    'zfr_cors' => array(
    // LOCAL
      //'allowed_origins' => array('http://cloud.localhost.com.br'),

      'allowed_origins' => array('*'),

     /**
      * Set the list of HTTP verbs.
      */
      'allowed_methods' => array('GET', 'POST', 'PUT', 'DELETE', 'OPTIONS', 'PATCH'),

     /**
      * Set the list of headers. This is returned in the preflight request to indicate
      * which HTTP headers can be used when making the actual request
      */
      'allowed_headers' => array('Authorization', 'Accept', 'Content-Type'),

     /**
      * Set the max age of the preflight request in seconds. A non-zero max age means
      * that the preflight will be cached during this amount of time
      */
     // 'max_age' => 120,

     /**
      * Set the list of exposed headers. This is a whitelist that authorize the browser
      * to access to some headers using the getResponseHeader() JavaScript method. Please
      * note that this feature is buggy and some browsers do not implement it correctly
      */
     // 'exposed_headers' => array(),

     /**
      * Standard CORS requests do not send or set any cookies by default. For this to work,
      * the client must set the XMLHttpRequest's "withCredentials" property to "true". For
      * this to work, you must set this option to true so that the server can serve
      * the proper response header.
      */
      'allowed_credentials' => true,
   ),
);

Console Google Chrome usando Access-Control-Allow-Origin:http://cloud.localhost.com.br:

Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:80
Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Authorization, Accept, Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin:http://cloud.localhost.com.br
Access-Control-Max-Age:0
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Thu, 11 Feb 2016 14:32:49 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:49 GMT; Max-Age=3600; path=/
X-Powered-By:PHP/5.6.16
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36

and sends the POST later:

Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:POST
Status Code:201 Created
Remote Address:127.0.0.1:80
Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://cloud.localhost.com.br
Access-Control-Expose-Headers:
Connection:Keep-Alive
Content-Length:179
Content-Type:application/hal+json
Date:Thu, 11 Feb 2016 14:32:50 GMT
Keep-Alive:timeout=5, max=100
Location:http://apps-api.localhost/v1/contato
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:50 GMT; Max-Age=3600; path=/
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:32:58 GMT; Max-Age=3600; path=/
Vary:Origin
X-Powered-By:PHP/5.6.16
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Content-Length:109
Content-Type:application/json;charset=UTF-8
Cookie:XDEBUG_SESSION=netbeans-xdebug
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36

And when I switch to Access-Control-Allow-Origin: * :

Request URL:http://apps-api.localhost/v1/contato?XDEBUG_SESSION_START=netbeans-xdebug
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:80
Response Headers
view source
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Authorization, Accept, Content-Type
Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS, PATCH
Access-Control-Allow-Origin:*
Access-Control-Max-Age:0
Connection:Keep-Alive
Content-Length:0
Content-Type:text/html; charset=UTF-8
Date:Thu, 11 Feb 2016 14:33:32 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.7 (Ubuntu)
Set-Cookie:XDEBUG_SESSION=netbeans-xdebug; expires=Thu, 11-Feb-2016 15:33:32 GMT; Max-Age=3600; path=/
X-Powered-By:PHP/5.6.16
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, content-type
Access-Control-Request-Method:POST
Cache-Control:no-cache
Connection:keep-alive
Host:apps-api.localhost
Origin:http://cloud.localhost.com.br
Pragma:no-cache
Referer:http://cloud.localhost.com.br/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36

and DOES NOT send the POST

Answer:

I don't know about the Framework used, but try clicking https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi

This happened to me due to the way my Framework works, don't forget to turn it on and off at the beginning and after you finish using it.

Scroll to Top