⚠ WARNING! This documentation is deprecated!

Please go to the current Technical Documentation


eZ Publish ships with NelmioCorsBundle, a Symfony open-source bundle that provides support for CORS (Cross Origin Resource Sharing). The REST API is pre-configured to respond to such requests, as long as you customize the allowed origins as explained below.

What is CORS

Supported by most modern browsers, this W3C specification defines a set of custom headers that, under specific circumstances, allow HTTP requests between different hosts. The main use-case is execution of AJAX code from one site towards another.

A couple links about it:

Configuration

Since CORS support is provided by a third-party bundle, we re-use the semantic configuration it provides. You can read more about it in the NelmioCorsBundle's README file.

The origin of a request is one of the main criteria for allowing or blocking a cross origin request. Such requests will come with an Origin HTTP header, automatically added by the browser, that gets approved/blocked by the server. By default, all cross origin requests will be blocked.

Granting an origin default access

To allow a specific host to execute cross-origin requests, you need to add this host to the nelmio_cors.defaults.allow_origin configuration array in config.yml. As an example, in order to allow requests from http://example.com, one would add the following lines to ezpublish/config/config.yml:
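An added example of such an entry (written for this page, not copied from the original documentation or from the bundle's README). It uses the bundle's `defaults` key and the example origin named above; the commented-out wildcard is shown only for contrast.

```yaml
# ezpublish/config/config.yml
nelmio_cors:
    defaults:
        # Explicit allow-list. Each entry is a full origin as the browser
        # sends it in the Origin header: scheme + host (+ port if it is not
        # the default), with no path and no trailing slash.
        # Any origin not listed here stays blocked, which is the default.
        allow_origin:
            - 'http://example.com'

        # Weak alternative, for contrast only:
        #   allow_origin: ['*']
        # '*' approves every origin, so script on any site a user visits
        # can call the REST API from that user's browser. It is especially
        # risky together with allow_credentials: true, because the user's
        # session cookies are then sent along with those requests.
```

Note that `http://example.com` and `https://example.com` are different origins; list each scheme and port you actually need.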

Granting CORS access to your own HTTP resources

The CORS bundle is of course perfectly safe to use for any non-eZ HTTP resource you would like to expose.
Follow the instructions in NelmioCorsBundle's configuration chapter.

1 Comment

  1. If you have problems getting CORS to work and you receive "Request-Allow-Origin: null", make sure you add 'allowedMethods' to your corresponding entry in rest_routes.yml:

     

    your_rest_path_identifier:
        pattern: /pattern
        defaults:
            _controller: bundle.controller.default:dosomething
            allowedMethods: "OPTIONS,POST"
        methods: [POST,OPTIONS]