I have a mobile app that uses an API to authenticate a user via a login form.
This has been working fine up-to today.. and now today when I attempt to login I get the following message in the console log:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://myapp.local/myAppApi/V1/appLogin.
This can be fixed by moving the resource to the same domain or enabling CORS.
Obviously I need to enable CORS from reading the message, within my myApiController.php I have the following code within my Yii application that I believe should be doing this:
protected function _renderJSON($status = 200)
{
$statusCodeMessage = $this->_getStatusCodeMessage($status);
header("HTTP/1.1 {$status} {$statusCodeMessage}");
// allow for Cross Origin Resource Sharing
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE");
header("Access-Control-Allow-Headers: Authorization");
header('Content-type: application/json');
echo CJSON::encode($this->jsonArray);
foreach (Yii::app()->log->routes as $route) {
if ($route instanceof CWebLogRoute) {
$route->enabled = false; // disable any weblogroutes
}
}
Yii::app()->end();
}
Could anyone assist on how I can fix this? The app is made with the cordova framework and the API it connects to works via an PHP app built using Yii.
Any advice would be appreciated
-- UPDATE -- I have added the following to my htaccess to no joy however
<ifModule mod_headers.c>
Header set Access-Control-Allow-Origin: *
Header set Access-Control-Allow-Headers: Authorization
Header set Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
</ifModule>
-- UPDATE -- I've come across this link which looks useful https://gist.github.com/sourcec0de/4237402