O'Reilly logo

Mastering Yii by Charles R. Portwood II

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Cross-origin resource headers

When working with JavaScript applications that issue AJAX requests against your API, you may want to use cross-origin resource sharing (CORS) headers to ensure that only domains that you specify can run against your domain. CORS headers can be implemented by adding yii\filters\Cors to your behaviors() method, as shown in the following example:

public function behaviors()
{
    return [
        'corsFilter' => [
            'class' => \yii\filters\Cors::className(),
        ],
    ];
}

This behavior can be extended by setting specific CORS headers that you want to specify for your controller:

public function behaviors() { return [ 'corsFilter' => [ 'class' => \yii\filters\Cors::className(), 'cors' => [ // Only allow https://www.example.com to execute against ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required