Download the PHP package b2b2dot0/magento-2-cors-requests without Composer
On this page you can find all versions of the php package b2b2dot0/magento-2-cors-requests. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package magento-2-cors-requests
Short Description Enabling cross-origin resource sharing (CORS) requests to Magento 2 API from configured Origin domain
License OSL-3.0 AFL-3.0
Homepage https://github.com/b2b2dot0/magento-2-cors-requests
Information about the package magento-2-cors-requests
Magento 2 CORS Cross-Domain Requests by SplashLab
This module allows you to enable Cross-Origin Resource Sharing (CORS) REST API requests in Magento 2 by adding the appropriate HTTP headers and handling the pre-flight OPTIONS requests.
This can be used to allow AJAX and other requests to the Magento 2 REST API from another domain (or subdomain).
How to install
1. via composer
OR
Edit composer.json
2. Copy and paste
Download latest version from GitHub
Paste into app/code/SplashLab/CorsRequests directory
3. Update Origin URL
In Stores -> Configuration, go to General -> Web -> CORS Requests Configuration.
Then edit the CORS Origin Url field to the domain you want to enable cross-domain requests from (e.g. http://example.com).
How does it work?
The full implementation of CORS cross-domain HTTP requests is outside the scope of this README, but this is what this module does:
- Allows configuring an Origin Url in the Admin Configuration area - this is the domain which cross-domain requests are permitted from
- This domain is added to an Access-Control-Allow-Origin response HTTP header
- Optionally you can enable the Access-Control-Allow-Credentials header as well, to enable passing cookies
For non-GET and non-standard-POST requests (i.e. PUT and DELETE), the "pre-flight check" OPTIONS request is handled by:
- An empty /V1/cors/check API response with the appropriate headers:
  - Access-Control-Allow-Methods response header, which mirrors the Access-Control-Request-Method request header
  - Access-Control-Allow-Headers response header, which mirrors the Access-Control-Request-Headers request header
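The header logic described above, modelled as an added example in JavaScript (not the module's own PHP code; the function names, config keys and sample values are hypothetical). It pairs the configured-origin and mirrored pre-flight headers with a simplified version of the browser's check, showing that the Origin URL has to match the calling page's origin exactly (scheme, host, no trailing slash) and that credentialed requests fail unless the credentials option is enabled.

```javascript
// Added example: models the behaviour described in this README; not the module's code.
// Server side: headers for the pre-flight OPTIONS response, from the admin settings.
function preflightResponseHeaders(config, requestHeaders) {
  const headers = { 'Access-Control-Allow-Origin': config.originUrl };
  if (config.allowCredentials) headers['Access-Control-Allow-Credentials'] = 'true';
  // Mirror the method and headers the browser asked about.
  const method = requestHeaders['Access-Control-Request-Method'];
  if (method) headers['Access-Control-Allow-Methods'] = method;
  const asked = requestHeaders['Access-Control-Request-Headers'];
  if (asked) headers['Access-Control-Allow-Headers'] = asked;
  return headers;
}

// Browser side: simplified form of the check applied to the pre-flight response.
function browserAllows(pageOrigin, request, response) {
  const allowOrigin = response['Access-Control-Allow-Origin'];
  if (request.withCredentials) {
    // Credentialed requests reject the wildcard and need the credentials header.
    if (allowOrigin === '*') return false;
    if (response['Access-Control-Allow-Credentials'] !== 'true') return false;
  }
  if (allowOrigin !== '*' && allowOrigin !== pageOrigin) return false;
  const split = (v) => (v || '').split(',').map((s) => s.trim());
  if (!split(response['Access-Control-Allow-Methods']).includes(request.method)) return false;
  const allowed = split(response['Access-Control-Allow-Headers']).map((h) => h.toLowerCase());
  return request.headers.every((h) => allowed.includes(h.toLowerCase()));
}

// Run one cross-origin request through both sides.
function simulate(config, pageOrigin, request) {
  const preflight = {
    Origin: pageOrigin,
    'Access-Control-Request-Method': request.method,
    'Access-Control-Request-Headers': request.headers.join(', '),
  };
  return browserAllows(pageOrigin, request, preflightResponseHeaders(config, preflight));
}

// Constructed sample: a PUT carrying an Authorization header from another origin.
const put = { method: 'PUT', headers: ['Content-Type', 'Authorization'], withCredentials: false };
const cfg = { originUrl: 'http://example.com', allowCredentials: false };
console.log(simulate(cfg, 'http://example.com', put));
console.log(simulate(cfg, 'https://example.com', put));
console.log(simulate({ ...cfg, originUrl: 'http://example.com/' }, 'http://example.com', put));
console.log(simulate(cfg, 'http://example.com', { ...put, withCredentials: true }));
```

Because the requested method and headers are mirrored back, the configured Origin URL is the only restriction this scheme places on which cross-origin callers pass the pre-flight check.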
Alternative Solutions
You can also manage these CORS headers with Apache and Nginx rules, instead of using this extension:
- https://community.magento.com/t5/Magento-2-Feature-Requests-and/API-CORS-requests-will-fail-without-OPTIONS-reponse/idi-p/60551
- https://stackoverflow.com/questions/35174585/how-to-add-cors-cross-origin-policy-to-all-domains-in-nginx
But I created this extension to allow you to configure the Origin domain in the Admin Configuration, and to avoid having to create and manage special server configuration.
CORS Cross-Domain Request References
- https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
- https://www.html5rocks.com/en/tutorials/cors/
- https://stackoverflow.com/questions/29954037/how-to-disable-options-request
- https://stackoverflow.com/questions/12320467/jquery-cors-content-type-options
- https://github.com/magento/magento2/issues/8399