diff --git a/customerapi/controllers/EventController.php b/customerapi/controllers/EventController.php index 21dc855..3dcdf48 100644 --- a/customerapi/controllers/EventController.php +++ b/customerapi/controllers/EventController.php @@ -28,7 +28,7 @@ use yii\web\Response; /** @noinspection PhpUnused */ -class EventController extends CustomerApiController +class EventController extends RestController { /** @noinspection PhpUnused */ /** diff --git a/customerapi/controllers/RestController.php b/customerapi/controllers/RestController.php index 502f83f..aba9b95 100644 --- a/customerapi/controllers/RestController.php +++ b/customerapi/controllers/RestController.php @@ -20,18 +20,18 @@ class RestController extends Controller { $behaviors = parent::behaviors(); -// $auth = $behaviors['authenticator']; -// unset($behaviors['authenticator']); + $auth = $behaviors['authenticator']; + unset($behaviors['authenticator']); -// $behaviors['corsFilter'] = [ -// 'class' => CorsCustom::class, -// 'cors' => [ -// // restrict access to -// 'Origin' => ['https://botondfitness.hu'], -// // Allow credentials (cookies, authorization headers, etc.) to be exposed to the browser -// 'Access-Control-Allow-Credentials' => true, -// ] -// ]; + $behaviors['corsFilter'] = [ + 'class' => Cors::class, + 'cors' => [ + 'Origin' => ['https://botondfitness.hu'], + 'Access-Control-Request-Method' => ['POST', 'GET', 'OPTIONS'], + 'Access-Control-Allow-Headers' => ['*'], + 'Access-Control-Expose-Headers' => ['*'] + ], + ]; // $behaviors['authenticator'] = $auth; $behaviors['authenticator'] = [ @@ -39,6 +39,7 @@ class RestController extends Controller 'auth' => [$this, 'auth'], 'optional' => $this->getOptionalActions(), ]; + $behaviors['authenticator']['except'] = ['options']; return $behaviors; }