Drupal 8.2 introduced Opt-in CORS support. Using the documentation in default.services.yml I cannot get it to work. Neither can a lot of other people, as can be seen from the comments in https://www.drupal.org/node/2715637.
Is something missing from the documentation?
Tried on Drupal 8.3.7 and Apache 2.4.25-3ubuntu2.3, with this configuration:
cors.config:
enabled: true
# Specify allowed headers, like 'x-allowed-header'.
allowedHeaders: ['x-csrf-token','authorization','content-type','accept','origin','x-requested-with']
# Specify allowed request methods, specify ['*'] to allow all possible ones.
allowedMethods: ['*']
# Configure requests allowed from specific origins.
allowedOrigins: ['*']
# Sets the Access-Control-Expose-Headers header.
exposedHeaders: false
# Sets the Access-Control-Max-Age header.
maxAge: 1000
# Sets the Access-Control-Allow-Credentials header.
supportsCredentials: false
Comments
Comment #2
cilefen CreditAttribution: cilefen as a volunteer commentedHi @gaele: Just a tip: you can get more attention on an issue by relating it from the original, which is in this case #1869548: Opt-in CORS support. I've just done that.
Comment #3
selva.swamy@gmail.com CreditAttribution: selva.swamy@gmail.com as a volunteer and commentedUpdating the component as I am facing same issue. Even though I update the services.yml as per https://www.drupal.org/node/2715637 I could not get to work.
Do we need CORS enabled on the server we are trying to access? I am trying to access a YouTube video via a embed URL
Comment #4
mr.baileysIt all depends on what exactly you are trying to do, and what error or issue you are experiencing. @kswarmy, for Youtube embeds, you might want to look into adding "&origin=http://example.com" to the embed src.
Moving this issue to the support queue. If you still experience issues, please provide information about what you are trying to do (for example, provide a curl request with request and response headers), and what you were expecting versus what actually happened.
Comment #7
zterry95 CreditAttribution: zterry95 at DAVYIN Internet Solutions / 戴文信息科技有限公司 commentedThe "Access-Control-Allow-Origin" display is tricky.
For example, allowedOrigins in services.yml is "http://localhost:3000", It works when you request from http://localhost:3000.
A quick test script is :
Comment #10
cilefen CreditAttribution: cilefen as a volunteer commentedI am closing this support request because there have been no recent comments.
The Drupal Core issue queue is not the ideal place for support requests. Consider other sources of support.