How to enable CORS requests against Drupal 8

Events happening in the community are now at Drupal community events on www.drupal.org.
-enzo-'s picture
Posted by -enzo- on October 3, 2014 at 10:38am

Hey folks

I want to contribute an article about one option we have to enable CORS against Drupal 8 websites in current status http://enzolutions.com/articles/2014/09/08/how-to-enable-cors-requests-a...

The implementation I did is a solution meanwhile the ticket "Enable CORS for GET requests" https://www.drupal.org/node/1869548 is resolved

Feedbacks are more than welcome.

Comments

Also see

Posted by mrfelton on October 4, 2014 at 9:21pm
mrfelton's picture

Also see Drupal 8 port for CORS

--
Tom
www.systemseed.com - drupal development. drupal training. drupal support.

I add these code in drupal

Posted by wahono77 on April 5, 2016 at 6:06am
wahono77's picture

I add these code in drupal index.php (at top line after <?php ), and all request from browser, android, app is OK now.

if (isset($_SERVER['HTTP_ORIGIN'])) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header("Access-Control-Allow-Origin: *");
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS");
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
}*/
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
// return only the headers and not the content
// only allow CORS if we're doing a GET - i.e. no saving for now.
if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
if($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'GET' || $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'] == 'POST') {
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: X-Requested-With, X-authentication,Content-Type, X-client');
}
}
exit;
}

not working

Posted by murhafsousli on April 10, 2016 at 8:24am
murhafsousli's picture

@wahono77 it's not working for me, still getting the 405

Find: .../sites/default/defau

Posted by soudippaul on February 8, 2018 at 8:35am
soudippaul's picture

Find:
.../sites/default/default.services.yml

Make a copy and rename the copy to:

.../sites/default/services.yml

Find this part of the code:
cors.config:
enabled: false

and replace with the following -
cors.config:
enabled: true

Clear the cache.

Headless Drupal

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: