Can't figure why.. I use CorsSlim with default Settings and when I try to access it from another heroku repo I keep getting an 301 Permanent Moved Any Ideas ?

EDIT: And If I try the same request with postman it works like charm...

request:

    Host: lavacal-api.heroku.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: de,en-US;q=0.7,en;q=0.3
    Accept-Encoding: gzip, deflate
    Origin: http://lavacal.herokuapp.com
    Access-Control-Request-Method: GET
    Access-Control-Request-Headers: apikey
    Connection: keep-alive

response:

    Connection: keep-alive
    Content-Length: 0
    Date: Mon, 20 Apr 2015 16:30:41 GMT
    Location: http://lavacal-api.herokuapp.com/api/v1/events
    Server: Cowboy

I'm having trouble persisting sessions across requests made via cross-origin requests. I'm starting to suspect this has something to do with the way the response headers are modified by CorsSlim.

Do I need to set exposeHeaders? If so, which headers do I need to expose for sessions to work properly? Just the Set-Cookie header?

Hello palanik! thanks to share this library!

The api works great in GET request, but in POST request when i retrieve parameters with:

$req = $app->request()->post();

$req is empty, but in developer console (Chrome) Request-Payload contains data.

Do you have tips?

Thanks in advance

Add support for multiple origins if an array is passed in for the 'origin' setting. This works by returning the first value to match the actual origin of the request, or defaulting to the first value in the array.

Hi, I have a column in a database table that stores the domain that an app will be accessing our API from.

I would like to be able to dynamically load the domain from the database and include it as the origin option of the middleware.

What is the best way to do this? I tried doing a query but it didn't work. How would I dynamically load a whitelist of domains?

You must fix the setExposeHeaders method. You're using -> instead array notation

protected function setExposeHeaders($req, $rsp) {
    if (isset($this->settings['exposeHeaders'])) {
        $exposeHeaders = $this->settings['exposeHeaders'];
        if (is_array($exposeHeaders)) {
            $exposeHeaders = implode(", ", $exposeHeaders);
        }

        $rsp->headers->set('Access-Control-Expose-Headers', $exposeHeaders);
    }
}

Fatal error: Cannot access protected property Slim\Slim::$request in /var/www/site/web/vendor/palanik/corsslim/CorsSlim.php on line 100

Do you have an idea what the problem could be here?

The problem is that SLIM bypasses the middleware that sets the CORS headers in some cases. A quick patch would be to change protected function setCorsHeaders($req, $rsp)

Into public function setCorsHeaders($req, $rsp) {

So this function can be called 'manually' from the (custom) 404, 406 and Errorhandlers.

But maybe it is not a big problem at all. Or maybe there is a better solution.

We use: "palanik/corsslim": "dev-slim3"

Hi!

This is my code, but not work:

require ('.././libs/CorsSlim/vendor/autoload.php');
$app = new \Slim\Slim();

$app->post('/item', 
          \CorsSlim\CorsSlim::routeMiddleware(), 
          function () use ($app) {
            $r = json_decode($app->request->getBody());
            $response["status"] = "success";
            $response["message"] = $r->data->nickname;
            echoResponse(200, $response);
          }
        );

The error:

XMLHttpRequest cannot load [...]. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.

If I use this code, it works. But I need apply only in one route:

require ('.././libs/CorsSlim/vendor/autoload.php');
$app = new \Slim\Slim();

$corsOptions = array(
    "origin" => "*",
    "exposeHeaders" => array("X-My-Custom-Header", "X-Another-Custom-Header"),
    "maxAge" => 1728000,
    "allowCredentials" => True,
    "allowMethods" => array("POST, GET"),
    "allowHeaders" => array("Origin, X-Requested-With, Content-Type, Accept")
    );

$cors = new \CorsSlim\CorsSlim($corsOptions);
$app->post('/item',
          function () use ($app) {
            $r = json_decode($app->request->getBody());
            $response["status"] = "success";
            $response["message"] = $r->data->nickname;
            echoResponse(200, $response);
          }
        );

$app->add($cors);