-1

I'm having problems getting a Slim CORS web service to work using Curl

It works fine when called from a browser based Ajax Service but I cannot get it working when called from a script on the server. CORS has been setup to allow access from '*'

$url = "https://server.local/api/v1.0/issueJWTToken";

$ch1 = curl_init();

$headers = [
    "Origin: https://server.local",
    "Content-Type: text/plain",
    "Access-Control-Request-Headers: Content-Type, Origin"
];

curl_setopt_array($ch1, array(
    CURLOPT_URL => $url,
    CURLOPT_CUSTOMREQUEST => 'OPTIONS',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HEADER => true,
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_NOBODY => true,
    CURLOPT_SSL_VERIFYHOST => 0,
    CURLOPT_SSL_VERIFYPEER => false
));

$data = curl_exec($ch1);

curl_close($ch1);

This returns the following:

HTTP/1.1 200 OK 
Date: Mon, 04 Jun 2018 12:33:51 GMT 
Server: Apache/2.4.10 (Debian) 
Access-Control-Allow-Origin: * 
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, 
Origin, Authorization 
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS 
Content-Length: 0 
Content-Type: text/html; 
charset=UTF-8

I then follow it with a POST transaction as follows:

$post_fields = "id=1" ;

$headers = [
    "Origin: https://server.local",
    "Content-Type: text/plain"
];

$ch = curl_init();

curl_setopt_array($ch,[
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_URL => $url,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_HEADER => true,
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_POSTFIELDS=> $post_fields,
    CURLOPT_SSL_VERIFYHOST => 0,
    CURLOPT_SSL_VERIFYPEER => false
]);

$data = curl_exec($ch);

But I get the following

HTTP/1.1 405 Method Not Allowed 
Date: Mon, 04 Jun 2018 12:38:02 GMT Server: Apache/2.4.10 (Debian) 
Allow: OPTIONS 
Access-Control-Allow-Origin: * 
Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept, Origin, Authorization 
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS 
Content-Length: 559 
Content-Type: text/html;charset=UTF-8 
<html> 
    <head> 
        <title>Method not allowed</title>
    </head>
    <body>
        <h1>Method not allowed</h1> 
        <p>Method  not allowed. Must be one of: <strong>OPTIONS</strong></p> 
    </body> 
</html>

Am I doing something wrong? The OPTIONS call seems to work OK but I cannot get the POST to succeed.

Is there something returned from the OPTIONS response that I should be passing back in the POST?

Any help greatly appreciated

Neil

Update: CORS settings shown below

$app->options('/{routes:.+}', function ($request, $response, $args) {
    return $response;
});

$app->add(function ($req, $res, $next) {
    $response = $next($req, $res);
    return $response
    ->withHeader('Access-Control-Allow-Origin', '*')
    ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
    ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
});
NEIL STRONG
  • 113
  • 7
  • I don't know the answer but what I can tell you is OPTIONS is a pre-flight request that basically asks the server "Is my request valid?" You can read about it [here](https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request). Which is usually issued by the browser. However I have found [this SO answer](https://stackoverflow.com/questions/38005829/cors-post-request-fails) which may help you. –  Jun 04 '18 at 13:02
  • "Is there something returned from the OPTIONS response that I should be passing back in the POST?" — Not usually. The API you are talking to may have weird requirements. – Quentin Jun 04 '18 at 13:24
  • The API is mine and is implemented using Slim. I've set the CORS details as detailed above. It works fine for all transaction types when called using Javascript as an Ajax service from a browser. I just cannot get it to work when called from a PHP script on the same server using Curl – NEIL STRONG Jun 06 '18 at 07:30

1 Answers1

0

Turns out it was me being an idiot. I had the URL path wrong for the API. D'oh! . Thanks to those of you that responded. Neil

NEIL STRONG
  • 113
  • 7