katanyoo
4/11/2018 - 5:22 AM

corsFilter.php

<?php
public function behaviors()
{
    $behaviors = parent::behaviors();

    unset($behaviors['authenticator']);

    $behaviors['corsFilter'] = [
        'class' => \yii\filters\Cors::className(),
        'cors' => [
            // restrict access to domains:
            'Origin' => ['*'],
            'Access-Control-Request-Method' => ['POST', 'GET'],
            'Access-Control-Allow-Credentials' => true,
            'Access-Control-Request-Headers' => ['*'],
            'Access-Control-Max-Age' => 3600, // Cache (seconds)
        ],
    ];

    $behaviors['authenticator'] = [
        'class' => CompositeAuth::className(),
        'authMethods' => [
            HttpBasicAuth::className(),
            HttpBearerAuth::className(),
        ],
        'except' => ['index', 'view'],
    ];

    return $behaviors;
}