It's been a long time since I started to link the front end and server side programs like Rest. I came here and did a lot of pokamis, so as a memorandum.
Have the front create a dummy API that only returns a fixed value json and proceed with the implementation The backend is implemented for prod so that the dummy is dynamic, and finally replaced with the dummy I am producing in a flow like this.
So, the backend uses php, but after a lot of mess
I'll do various things ~ header('Content-Type: application/json'); echo $json; exit;
It is the theory to output json as. The front runs test.php as an endpoint with js etc. CORS is almost always a problem.
On the Apache side, thinking that security risks should be considered one after another
Header set Access-Control-Allow-Origin *
Access OK !! from all domains is added to the response header. So, it was bad to forget it completely and write it in php.
header('Content-Type: application/json'); header('Access-Control-Allow-Origin *'); echo $json; exit;
Access to XMLHttpRequest at 'https://xxxxx.jp/api/test' from origin 'null' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.
Looking only at the beginning of the error message, I thought that Origin should have been set. If you look closely, it was an error because multiple Access-Control-Allow-Origin headers were set.
Either erase it and solve it, but in this case php is better. I know, but I'm most scared of mistakes in patterns that I don't notice.
**end. ** **