Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-26820

Failing to use JS REST API client with cross domain

    Details

      Description

      Trying to use API REST client with on the same domain works good while using it cross-domain (= CORS requests) seems to fail for several reasons :

      1. On the server side: when a preflight request is send, the response headers do not contains the Access-Control-Allowed-Methods despite of the nelmio_cors config. The original request is then rejected (405 method not allowed). This header seems to be overwritten by an empty value somewhere in ezPublishRestBundle
      2. On the client side: no session cookie is send within a request. This seems to come from a missing statement in CAPI.js :

        XHR.withCredentials = true;
        

      Note: reaching problem 2 is only possible by hacking ezPublishRestBundle to get rid of problem 1

      Full details
      Read this stackoverflow post for a full detailed explanation of the problem

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Christophe Laborier
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: