i have backend project on ssl server, ssl.mybackend.com, following:
class formcontroller extends controller { public function behaviors() { return [ 'access' => [ 'class' => accesscontrol::classname(), 'rules' => [ [ 'actions' => ['index', 'delete', 'view', 'create'], 'allow' => true, 'roles' => ['@'], //only authorized users ], [ 'actions'=> ['create-order'], 'allow'=>true //change users "myfrontend.com" ] ], ], ]; } i need grant access create-order action frontend website. not sure if it's possible accesscontrol , appreciate if advise other solutions.
if want use ajax calls frontend on domain, should use corsfilter instead. example documentation:
public function behaviors() { return [ 'corsfilter' => [ 'class' => \yii\filters\cors::classname(), 'cors' => [ // restrict access 'origin' => ['http://www.myserver.com', 'https://www.myserver.com'], 'access-control-request-method' => ['post', 'put'], // allow post , put methods 'access-control-request-headers' => ['x-wsse'], // allow headers 'x-wsse' 'access-control-allow-credentials' => true, // allow options caching 'access-control-max-age' => 3600, // allow x-pagination-current-page header exposed browser. 'access-control-expose-headers' => ['x-pagination-current-page'], ], ], ]; } 
Comments
Post a Comment