Есть родительский контроллер с CORS:
Код: Выделить всё
class Controller extends \yii\rest\Controller {
public function behaviors()
{
return [
'corsFilter' => [
'class' => Cors::class,
'cors' => [
// restrict access to
'Origin' => ['http://192.168.88.29:3000', 'http://192.168.88.25:3000', 'http://localhost:3000'],
// TODO заголовки требуют дополнительную проверку
'Access-Control-Allow-Origin' => ['*'],
'Access-Control-Allow-Headers' => [
'Access-Control-Allow-Headers',
'Origin',
'Accept',
'X-Requested-With',
'Content-Type',
'Access-Control-Request-Method',
'Access-Control-Request-Headers',
'Authorization',
'Refresh-Token',
],
// Allow only POST and PUT methods
'Access-Control-Request-Method' => ['POST','GET','OPTIONS'],//'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'
// Allow only headers 'X-Wsse'
'Access-Control-Request-Headers' => ['X-Wsse'],
// Allow credentials (cookies, authorization headers, etc.) to be exposed to the browser
'Access-Control-Allow-Credentials' => true,
// Allow OPTIONS caching
'Access-Control-Max-Age' => 3600,// Cache (seconds)
// Allow the X-Pagination-Current-Page header to be exposed to the browser.
'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
],
],
'authenticator' => [
'class' => CompositeAuth::class,
'authMethods' => [
// HttpBasicAuth::class,
HttpBearerAuth::class,
// HttpHeaderAuth::class,
// QueryParamAuth::class
],
]
];
}
/**
* @inheritdoc
*/
public function actions()
{
return [
'options' => [
'class' => OptionsAction::class
]
];
}
}
Код: Выделить всё
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['access'] = [
'class' => AccessControl::class,
'rules' => [
[
'allow' => true,
'actions' => [
'get-resume-by-id'
],
'roles' => ['@', '?'],
],
[
'allow' => true,
'actions' => [
'load-my-resume-list',
'load-user-resume-list',
'manage-service',
],
'roles' => [User::ROLE_APPLICANT],
],
]
];
$behaviors['verbs'] = [
'class' => VerbFilter::class,
'actions' => [
'load-my-resume-list' => ['POST'],
],
];
return $behaviors;
}
Пробовал добавить правила
Код: Выделить всё
$behaviors['authenticator']['except'] = ['options','get-resume-by-id'];
$behaviors['authenticator']['only'] = ['get-resume-by-id', 'load-my-resume-list',
'load-user-resume-list',
'manage-service'];
Код: Выделить всё
Authorization: Bearer Nsv2AOzP1h-DxhCjsGGcVNrraar_gHIHNSdEJcCn
Подскажите пожалуйста, как решить вопрос, что не так, куда копать?