When JavaScript applications issue AJAX requests against your API, you may want to use cross-origin resource sharing (CORS) headers so that browsers only let pages from the domains you specify run against your domain. CORS headers can be implemented by adding yii\filters\Cors to your behaviors() method, as shown in the following example:
    public function behaviors()
    {
        return [
            'corsFilter' => [
                'class' => \yii\filters\Cors::className(),
            ],
        ];
    }
This behavior can be extended by setting the specific CORS headers that you want for your controller:
    public function behaviors()
    {
        return [
            'corsFilter' => [
                'class' => \yii\filters\Cors::className(),
                'cors' => [
                    // Only allow https://www.example.com to execute against your domain in AJAX
                    'Origin' => ['https://www.example.com'],
                    // Only allow POST and DELETE methods from the...
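A complete restricted configuration, as an added example that is not code from the original page: it assumes a yii\rest\ActiveController subclass with bearer-token authentication (OrderController and app\models\Order are hypothetical names) and takes its method list from the comment above. Without a 'cors' key the filter falls back to its default of 'Origin' => ['*'], and registering it ahead of the authenticator keeps the CORS headers on 401 responses.

```php
<?php
namespace app\controllers;

use yii\filters\Cors;
use yii\filters\auth\HttpBearerAuth;
use yii\rest\ActiveController;

// Hypothetical controller used only for this illustration
class OrderController extends ActiveController
{
    public $modelClass = 'app\models\Order'; // assumed model class

    public function behaviors()
    {
        $behaviors = parent::behaviors();

        // Detach the filters that depend on the user identity so that the
        // CORS filter can be registered in front of them.
        $rateLimiter = $behaviors['rateLimiter'];
        unset($behaviors['authenticator'], $behaviors['rateLimiter']);

        $behaviors['corsFilter'] = [
            'class' => Cors::class,
            'cors' => [
                // Exact scheme + host; avoid '*' on an authenticated API
                'Origin' => ['https://www.example.com'],
                // Methods the browser may use cross-origin
                'Access-Control-Request-Method' => ['POST', 'DELETE'],
                // Request headers the client script is allowed to send
                'Access-Control-Request-Headers' => ['Authorization', 'Content-Type'],
                // Bearer tokens travel in a header, so cookies are not needed
                'Access-Control-Allow-Credentials' => false,
                // Cache the preflight result for 10 minutes
                'Access-Control-Max-Age' => 600,
            ],
        ];

        // Re-attach authentication after CORS; skip it for the OPTIONS action
        $behaviors['authenticator'] = [
            'class' => HttpBearerAuth::class,
            'except' => ['options'],
        ];
        $behaviors['rateLimiter'] = $rateLimiter;

        return $behaviors;
    }
}
```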