Comments (13)
Please check https://github.com/CakeDC/auth/blob/3.next/Docs/Documentation/ApiKeyAuthenticate.md
from auth.
You could try using header instead of querystring
$config['Auth']['authenticate']['CakeDC/Users.ApiKey'] = [
'type' => 'header',
];
from auth.
@rochamarcelo I know how to set up to accept the ApiKey in the header. My problem is that the first OPTIONS preflight request does not contain the ApiKey header, so the request is redirected.
So what I would need is allowing OPTIONS requests to the application without the ApiKey.
from auth.
It seems that you need a custom authorization rule for it, I'm not sure if this is a generic case.
from auth.
Can you give me a hint how to do that?
from auth.
@rrd108 please try to add a CorsMiddleware like this one https://github.com/ozee31/cakephp-cors/blob/master/src/Routing/Middleware/CorsMiddleware.php
This should handle the OPTIONS request without having to add custom authorization rules.
Please let us know if this works for you.
from auth.
As I see there is official support for this. Am I right?
Addind OPTIONS to allowMethods
did not helped
from auth.
It seems similar to how the mentioned middleware works, but instead of using named methods like allowHeaders it uses withHeader method
from auth.
hm... it still refuses option requests
from auth.
Have you followed the plugin installation steps, it requires some config keys https://github.com/ozee31/cakephp-cors#configuration
from auth.
the problem is that options request does not contain the apikey, so they are refused by the plugin
from auth.
@rrd108 if you check the mentioned behavior, the response for OPTIONS request is handled at https://github.com/ozee31/cakephp-cors/blob/master/src/Routing/Middleware/CorsMiddleware.php#L23
So, using that behavior the OPTIONS requestt will not go to controller layer but just return a simple response. If you tried to use that behavior and did not worked please debug the IF conditions.
from auth.
closing this one, if the issue persists please reopen
from auth.
Related Issues (20)
- RFC: Don't wrap developer centric messages in translation function HOT 1
- RFC - Convert SimpleRbacAuthorize into a standalone class. HOT 2
- Accessing pages / controllers without authorization HOT 1
- How do I add permissions from another plugin? HOT 5
- Fix legacy key detection to load permissions coming from old version HOT 1
- Permissions with empty value are ignored HOT 3
- Upgrade to 3.6
- PHP Notice with last CakePHP version HOT 7
- Assigning multiple Roles to one user HOT 1
- Invalidate Remember Me Auths HOT 1
- How can a user enter a site by a token? api key authorization? cakedc HOT 1
- is_callable() invoked on system functions HOT 1
- get api key on form authentication HOT 1
- Switch to github actions
- Call to undefined method ArrayObject::toArray() HOT 2
- Error after update from 6.1.0 to 6.2.0 HOT 1
- Zend\Diactoros\Uri not found in IsAuthorizedTrait.php HOT 4
- Provide replacement to LinkedIn OAuth 2 provider, using their current integration via OpenID-Connect HOT 1
- rbac HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth.