allow OPTIONS request without ApiKey about auth HOT 13 CLOSED

Please check https://github.com/CakeDC/auth/blob/3.next/Docs/Documentation/ApiKeyAuthenticate.md

from auth.

You could try using header instead of querystring

$config['Auth']['authenticate']['CakeDC/Users.ApiKey'] = [
    'type' => 'header',
    ];

from auth.

@rochamarcelo I know how to set up to accept the ApiKey in the header. My problem is that the first OPTIONS preflight request does not contain the ApiKey header, so the request is redirected.

So what I would need is allowing OPTIONS requests to the application without the ApiKey.

from auth.

It seems that you need a custom authorization rule for it, I'm not sure if this is a generic case.

from auth.

Can you give me a hint how to do that?

from auth.

@rrd108 please try to add a CorsMiddleware like this one https://github.com/ozee31/cakephp-cors/blob/master/src/Routing/Middleware/CorsMiddleware.php

This should handle the OPTIONS request without having to add custom authorization rules.

Please let us know if this works for you.

from auth.

As I see there is official support for this. Am I right?

https://book.cakephp.org/3/en/controllers/request-response.html#setting-cross-origin-request-headers-cors

Addind OPTIONS to allowMethods did not helped

from auth.

It seems similar to how the mentioned middleware works, but instead of using named methods like allowHeaders it uses withHeader method

from auth.

hm... it still refuses option requests

from auth.

Have you followed the plugin installation steps, it requires some config keys https://github.com/ozee31/cakephp-cors#configuration

from auth.

the problem is that options request does not contain the apikey, so they are refused by the plugin

from auth.

@rrd108 if you check the mentioned behavior, the response for OPTIONS request is handled at https://github.com/ozee31/cakephp-cors/blob/master/src/Routing/Middleware/CorsMiddleware.php#L23

So, using that behavior the OPTIONS requestt will not go to controller layer but just return a simple response. If you tried to use that behavior and did not worked please debug the IF conditions.

from auth.

closing this one, if the issue persists please reopen

from auth.