Support » Plugins » Authentication from localhost to rest api results CORS error

  • Hi,
    I just installed a fresh wp on a dev server. I am trying to authenticate to the rest api (plugin, since it’s wp v.4.6.3), with an ionic/angularjs app which is located on my computer/device. Currently using JWT Authentication for WP-API plugin.
    This is my header, with the help of HTTP Headers plugins:

    content-encoding: gzip
    x-powered-by: php/5.5.9-1ubuntu4.21
    connection: keep-alive
    content-length: 3361
    keep-alive: timeout=5, max=95
    access-control-allow-headers: accept, authorization, cache-control, cookie, content-type, origin
    server: apache/2.4.7 (ubuntu)
    x-frame-options: allow-from *
    vary: accept-encoding
    access-control-allow-methods: get, post, options, head, put, delete, trace, connect, patch
    content-type: text/html; charset=utf-8
    access-control-allow-origin: *
    access-control-expose-headers: cache-control, cookie, content-type, origin
    cache-control: no-cache, must-revalidate, max-age=0
    

    No matter what I do I get some CORS error. The most recent is:

    Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response.

    The JWT plugin also had in docs some mention of editing .htaccess and wp-config.php, which I did. Tried several combinations of htacces edit and/or plugins. But same or similar error pops up.

    This is my code, based on doc of JWT plugin (credentials/url valid!):

    var apiHost = 'http://dev.imok.ro/authworks/wp-json';
    $http.post( apiHost + '/jwt-auth/v1/token', {
       username: 'admin',
       password: 'admin!@#'
    })
    .then( function( response ) {
       console.log( 'siker', response.data )
    })
    .catch( function( error ) {
       console.error( 'Errorrrr', error );
    });

    .htaccess:

    #<ifModule mod_headers.c>
    #    Header always set Access-Control-Allow-Origin: *
    ##    Header always set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
    ##    Header always set Access-Control-Allow-Headers "content-type"
    #</ifModule>
    
    <IfModule mod_rewrite.c>
    
    #SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    
    RewriteEngine on
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
    
    RewriteEngine On
    RewriteBase /authworks/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /authworks/index.php [L]
    </IfModule>

    Thanks for your help!
    Magor

    • This topic was modified 1 year, 9 months ago by  imokweb.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Updated wp to latest, and suddenly it works. But I still think it had something to do with some cache.

    The authorization rules should be placed before the # BEGIN WordPress since when permalinks updated, WordPress will update anything between the BEGIN and END with the original code and thus remove your added rules.

    Below is my final rules:

    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
    </IfModule>
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /wordpress-v7.0/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /wordpress-v7.0/index.php [L]
    </IfModule>
    
    # END WordPress
    • This reply was modified 1 year, 4 months ago by  alibasheer.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Authentication from localhost to rest api results CORS error’ is closed to new replies.