From 9fd7862d58a761b1c6e85bef6cbcc5dc7c84517f Mon Sep 17 00:00:00 2001
From: Roland Schneider
Date: Tue, 28 Sep 2021 19:03:30 +0200
Subject: [PATCH] set jwt secret
---
 customerapi/controllers/LoginController.php | 25 +++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/customerapi/controllers/LoginController.php b/customerapi/controllers/LoginController.php
index 71502d4..30e18b8 100644
--- a/customerapi/controllers/LoginController.php
+++ b/customerapi/controllers/LoginController.php
@@ -10,6 +10,7 @@ namespace customerapi\controllers;
 use customerapi\models\LoginForm;
 use sizeg\jwt\Jwt;
+use sizeg\jwt\JwtHttpBearerAuth;
 use Yii;
 use yii\rest\Controller;
 use yii\web\UnauthorizedHttpException;
@@ -19,6 +20,30 @@ use yii\web\UnauthorizedHttpException;
 class LoginController extends Controller
 {
+ public function behaviors()
+ {
+ $behaviors = parent::behaviors();
+
+ $behaviors['corsFilter'] = [
+ 'class' => \yii\filters\Cors::className(),
+ 'cors' => [
+ // restrict access to
+ 'Origin' => ['https://botondfitness.hu'],
+ // Allow only POST and PUT methods
+// 'Access-Control-Request-Method' => ['POST', 'PUT'],
+ // Allow only headers 'X-Wsse'
+// 'Access-Control-Request-Headers' => ['X-Wsse'],
+ // Allow credentials (cookies, authorization headers, etc.) to be exposed to the browser
+ 'Access-Control-Allow-Credentials' => true,
+ // Allow OPTIONS caching
+// 'Access-Control-Max-Age' => 3600,
+ // Allow the X-Pagination-Current-Page header to be exposed to the browser.
+// 'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
+ ]
+ ];
+ return $behaviors;
+ }
+
 /**
 * hash for password test is:
 * $2y$13$D2BauYE2nhCdVDNatT9BMeWGxOvi5t5V6W2OUjr6sj2FRpb317Cpq
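Review bot: In `behaviors()`, `'Access-Control-Allow-Credentials' => true` enables credentialed cross-origin requests on the login endpoint, which a JWT sent in an `Authorization` header does not need; unless the client really depends on cookies, drop that key so credentialed cross-origin reads stay disabled. The method and header allow-lists are left commented out, and the `cors` array passed here appears to replace the filter's defaults rather than merge with them (worth confirming against the Yii version in use), so preflight behaviour is implicit; stating them, e.g. `'Access-Control-Request-Method' => ['POST', 'OPTIONS'],` and `'Access-Control-Request-Headers' => ['Authorization', 'Content-Type'],`, would make the policy reviewable. `corsFilter` is also appended after whatever `parent::behaviors()` returns, so if an authenticator such as the `JwtHttpBearerAuth` imported in the first hunk (unused in the visible changes) is attached to this controller later, it would run ahead of CORS and could reject preflight requests; the usual pattern is to unset `authenticator`, add the CORS filter, then re-add the authenticator. The class body continues outside the hunk.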