From 2fdad33a40fc5b9a5460a8bb5e902538464b34e1 Mon Sep 17 00:00:00 2001
From: Roland Schneider <rschneider@ucs.at>
Date: Tue, 28 Sep 2021 19:20:21 +0200
Subject: [PATCH] bug fixing

---
 customerapi/controllers/LoginController.php |  8 --------
 customerapi/controllers/RestController.php  | 10 ++++++++++
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/customerapi/controllers/LoginController.php b/customerapi/controllers/LoginController.php
index 30e18b8..4eb6944 100644
--- a/customerapi/controllers/LoginController.php
+++ b/customerapi/controllers/LoginController.php
@@ -29,16 +29,8 @@ class LoginController extends Controller
               'cors' => [
                   // restrict access to
                   'Origin' => ['https://botondfitness.hu'],
-                  // Allow only POST and PUT methods
-//                  'Access-Control-Request-Method' => ['POST', 'PUT'],
-                  // Allow only headers 'X-Wsse'
-//                  'Access-Control-Request-Headers' => ['X-Wsse'],
                   // Allow credentials (cookies, authorization headers, etc.) to be exposed to the browser
                   'Access-Control-Allow-Credentials' => true,
-                  // Allow OPTIONS caching
-//                  'Access-Control-Max-Age' => 3600,
-                  // Allow the X-Pagination-Current-Page header to be exposed to the browser.
-//                  'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
               ]
         ];
         return $behaviors;
diff --git a/customerapi/controllers/RestController.php b/customerapi/controllers/RestController.php
index 87203c7..296e8f6 100644
--- a/customerapi/controllers/RestController.php
+++ b/customerapi/controllers/RestController.php
@@ -9,6 +9,7 @@ use Lcobucci\JWT\Token;
 use sizeg\jwt\JwtHttpBearerAuth;
 use Yii;
 use yii\filters\auth\AuthMethod;
+use yii\filters\Cors;
 use yii\rest\Controller;
 
 class RestController extends Controller
@@ -22,6 +23,15 @@ class RestController extends Controller
             'auth' => [$this, 'auth'],
             'optional' => $this->getOptionalActions(),
         ];
+        $behaviors['corsFilter'] = [
+            'class' => Cors::class,
+            'cors' => [
+                // restrict access to
+                'Origin' => ['https://botondfitness.hu'],
+                // Allow credentials (cookies, authorization headers, etc.) to be exposed to the browser
+                'Access-Control-Allow-Credentials' => true,
+            ]
+        ];
         return $behaviors;
     }