TechQA.

Yii2 AccessControl for action to be accessed by certain website

502 views Asked by At

I have a backend project on my ssl server, like ssl.mybackend.com, with following:

class FormController extends Controller
{
    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'rules' => [                    
                    [
                        'actions' => ['index', 'delete', 'view', 'create'],
                        'allow' => true,
                        'roles' => ['@'], //only authorized users
                    ],
                    [
                        'actions'=> ['create-order'],
                        'allow'=>true   //change all users to "myfrontend.com"                   
                    ]
                ],
            ],

        ];
    }

I need to grant an access to create-order action only to my frontend website. I am not sure if it's possible to do with AccessControl and appreciate if you could advise other solutions.

php ssl yii2 access-control crossdomain-request.js
Original Q&A
1

There are 1 answers

1
xCrZx On

If you want to use ajax calls from frontend on another domain, you should use corsFilter instead. Example from documentation:

public function behaviors()
{
    return [
        'corsFilter' => [
            'class' => \yii\filters\Cors::className(),
            'cors' => [
                // restrict access to
                'Origin' => ['http://www.myserver.com', 'https://www.myserver.com'],
                'Access-Control-Request-Method' => ['POST', 'PUT'],
                // Allow only POST and PUT methods
                'Access-Control-Request-Headers' => ['X-Wsse'],
                // Allow only headers 'X-Wsse'
                'Access-Control-Allow-Credentials' => true,
                // Allow OPTIONS caching
                'Access-Control-Max-Age' => 3600,
                // Allow the X-Pagination-Current-Page header to be exposed to the browser.
                'Access-Control-Expose-Headers' => ['X-Pagination-Current-Page'],
            ],

        ],
    ];
}

Cross Origin Resource Sharing in Yii2

Related Questions in PHP

Related Questions in SSL

Related Questions in YII2

Related Questions in ACCESS-CONTROL

Related Questions in CROSSDOMAIN-REQUEST.JS

Popular Questions

Trending Questions