CORS POST request in ZF2 becomes OPTIONS request instead

Question

Is there anyway in Zend Framework 2 to allow CORS on my API?

I have already allowed all origins header("Access-Control-Allow-Origin: *");

Every time I send a POST request with headers the server responds with 405.

On my access log I see the the request is actually OPTIONS

Answer 1

So to start with your php script should do these checks:

// Allow from any origin
if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400');    // cache for 1 day
}

// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {

if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         

if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
    header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");

    exit(0);
}

Once you do that CORS will be enabled.

Answer 2

Yes - extend the \Zend\Mvc\Controller\AbstractRestfulController::options method in your controller, if your controller class is extending from it. By default, it returns a 405, which is probably why you see that response.

Headers can be set via \Zend\Http\Headers::addHeaders

Note: "Zend" is currently "Laminas", since Zend Framework has become Laminas.