i trying create my first Yii2 rest API. the objective is others apps (that I don't have control about them) consuming my webservice, but i need limit access, i need limit what specific apps can be have access to API, it's possible?
UPDATE
according the comments and docs i add the following code and i try with Origin "fake" but when i access the via browser i see the records. this should block access, no?
Im trying put public $enableCsrfValidation = false; the result is same. I use apache.
public function behaviors()
{
$behaviors = parent::behaviors();
// remove authentication filter
$auth = $behaviors['authenticator'];
unset($behaviors['authenticator']);
// add CORS filter
$behaviors['corsFilter'] = [
'class' => \yii\filters\Cors::className(),
'cors' => [
'Origin' => ["http://server.com"],
'Access-Control-Request-Method' => ['POST', 'GET'],
'Access-Control-Allow-Credentials' => true,
'Access-Control-Max-Age' => 3600,
],
];
// re-add authentication filter
$behaviors['authenticator'] = $auth;
// avoid authentication on CORS-pre-flight requests (HTTP OPTIONS method)
$behaviors['authenticator']['except'] = ['options'];
return $behaviors;
}
