bug fixing

customerapi/controllers/LoginController.php

@@ -29,16 +29,8 @@ class LoginController extends Controller
               'cors' => [
                   // restrict access to
                   'Origin' => ['https://botondfitness.hu'],
-                  // Allow only POST and PUT methods
-//                  'Access-Control-Request-Method' => ['POST', 'PUT'],
-                  // Allow only headers 'X-Wsse'
-//                  'Access-Control-Request-Headers' => ['X-Wsse'],
                   // Allow credentials (cookies, authorization headers, etc.) to be exposed to the browser
                   'Access-Control-Allow-Credentials' => true,
-                  // Allow OPTIONS caching
-//                  'Access-Control-Max-Age' => 3600,
-                  // Allow the X-Pagination-Current-Page header to be exposed to the browser.
-//                  'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
               ]
         ];
         return $behaviors;

customerapi/controllers/RestController.php

@@ -9,6 +9,7 @@ use Lcobucci\JWT\Token;
 use sizeg\jwt\JwtHttpBearerAuth;
 use Yii;
 use yii\filters\auth\AuthMethod;
+use yii\filters\Cors;
 use yii\rest\Controller;
 
 class RestController extends Controller
@@ -22,6 +23,15 @@ class RestController extends Controller
             'auth' => [$this, 'auth'],
             'optional' => $this->getOptionalActions(),
         ];
+        $behaviors['corsFilter'] = [
+            'class' => Cors::class,
+            'cors' => [
+                // restrict access to
+                'Origin' => ['https://botondfitness.hu'],
+                // Allow credentials (cookies, authorization headers, etc.) to be exposed to the browser
+                'Access-Control-Allow-Credentials' => true,
+            ]
+        ];
         return $behaviors;
     }