bug fixing

customerapi/controllers/EventController.php

@@ -28,7 +28,7 @@ use yii\web\Response;
 
 /** @noinspection PhpUnused */
 
-class EventController extends CustomerApiController
+class EventController extends RestController
 {
     /** @noinspection PhpUnused */
     /**

customerapi/controllers/RestController.php

@@ -20,18 +20,18 @@ class RestController extends Controller
     {
         $behaviors = parent::behaviors();
 
-//        $auth = $behaviors['authenticator'];
-//        unset($behaviors['authenticator']);
+        $auth = $behaviors['authenticator'];
+        unset($behaviors['authenticator']);
 
-//        $behaviors['corsFilter'] = [
-//            'class' => CorsCustom::class,
-//            'cors' => [
-//                // restrict access to
-//                'Origin' => ['https://botondfitness.hu'],
-//                // Allow credentials (cookies, authorization headers, etc.) to be exposed to the browser
-//                'Access-Control-Allow-Credentials' => true,
-//            ]
-//        ];
+        $behaviors['corsFilter'] = [
+            'class' => Cors::class,
+            'cors'  => [
+            'Origin' => ['https://botondfitness.hu'],
+                'Access-Control-Request-Method'    => ['POST', 'GET', 'OPTIONS'],
+                'Access-Control-Allow-Headers' =>  ['*'],
+                'Access-Control-Expose-Headers' => ['*']
+            ],
+        ];
 
 //        $behaviors['authenticator'] = $auth;
         $behaviors['authenticator'] = [
@@ -39,6 +39,7 @@ class RestController extends Controller
             'auth' => [$this, 'auth'],
             'optional' => $this->getOptionalActions(),
         ];
+        $behaviors['authenticator']['except'] = ['options'];
 
         return $behaviors;
     }