I have a front with Angular 4, and to connect I'm using phpCAS, which I put in a folder /backend at the same place as my front.
In my front, where my index.html from Angular is, there is an index.php file that is launched first and that includes index.html after calling my authentication.
The authentication then works as intended, but whenever I want to disconnect, I'm calling my backend with the following:
disconnect button in front (angular)
```typescript
logoutCerbere() {
  return this._http.get("./backend/logout.php").subscribe(data => {
    console.log("Disconnected")
  })
}
```
logout.php
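```php
<?php
require_once 'init.inc.php';

if (phpCAS::isAuthenticated()) {
    // phpCAS::logout() redirects to the CAS server's logout URL and ends the
    // script, so the two session calls below it are not reached.
    phpCAS::logout();
    session_destroy();
    session_unset();
} else {
    header('HTTP/1.0 401 Unauthorized');
    echo 'HTTP/1.0 401 Unauthorized';
}
```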
init.inc.php
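```php
<?php
require_once 'CAS-1.3.6/CAS.php';

$CAS_HOST = '*******/****';
$CAS_CONTEXT = '/cas/public/';

//$cas_server_ca_cert_path = '/path/to/cachain.pem';
//phpCAS::setCasServerCACert($cas_server_ca_cert_path);

phpCAS::client(CAS_VERSION_2_0, $CAS_HOST, 443, $CAS_CONTEXT);
// Turns off validation of the CAS server's TLS certificate; the commented-out
// setCasServerCACert() call above is the validating alternative.
phpCAS::setNoCasServerValidation();
// Redirects an unauthenticated browser to the CAS login page.
phpCAS::forceAuthentication();
?>
```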
I get a CORS error saying that the "Same Origin Policy disallows reading the remote resource at ... (Reason: CORS header 'Access-Control-Allow-Origin' missing)".
What I don't understand is that I'm calling this from my server (since I'm asking to get my php file and that my connection is working exactly the same way), so there shouldn't be a CORS request.
What am I missing there?
What I was missing is:
- It is indeed PHP before the include, so there is no CORS, but once we're in the include, it's html/front domain.
- The getUser is simply retrieving the data from a local storage, therefore no CORS is involved.
- When I wanted to make a disconnect request, the request was made front side, meaning CORS would intervene.

I worked around it by simply putting a `<a href="backend/logout.php">Disconnect</a>`. That means that the PHP is run server side and no CORS will be involved.
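Why the HttpClient call is blocked while the link works, as an added example that is not part of the original post: `phpCAS::logout()` answers with a redirect to the CAS server, so a script-initiated request ends up on another origin, whereas a link click is a navigation and gets no CORS check. The hostnames, the sample redirect chain and the `evaluateChain` helper are hypothetical, and the model is simplified (no credentials or preflight handling).

```javascript
// Added example: simplified model of the browser's CORS decision over a
// redirect chain. All hostnames are constructed placeholders.
const PAGE_ORIGIN = "https://app.example";

// Constructed chain: logout.php replies 302 to the CAS server's logout URL,
// and the CAS server sends no Access-Control-Allow-Origin header.
const LOGOUT_CHAIN = [
  { url: "https://app.example/backend/logout.php", status: 302, headers: {} },
  { url: "https://cas.example/cas/public/logout", status: 200, headers: {} },
];

// mode is "xhr" (HttpClient, XMLHttpRequest, fetch) or
// "navigation" (<a href>, window.location).
function evaluateChain(pageOrigin, chain, mode) {
  if (mode === "navigation") {
    // Top-level navigations are not subject to the CORS check.
    return { allowed: true, blockedAt: null, reason: "navigation" };
  }
  for (const hop of chain) {
    const hopOrigin = new URL(hop.url).origin;
    if (hopOrigin === pageOrigin) continue; // same-origin hop: no CORS check
    // Cross-origin hop: the response must opt in for the calling origin.
    const acao = hop.headers["access-control-allow-origin"];
    if (acao !== "*" && acao !== pageOrigin) {
      return {
        allowed: false,
        blockedAt: hop.url,
        reason: acao ? "ACAO mismatch" : "ACAO missing",
      };
    }
  }
  return { allowed: true, blockedAt: null, reason: "all hops passed" };
}

// The XHR is blocked at the CAS hop, not at logout.php, so adding CORS
// headers to logout.php alone would not change the outcome.
console.log(evaluateChain(PAGE_ORIGIN, LOGOUT_CHAIN, "xhr"));
console.log(evaluateChain(PAGE_ORIGIN, LOGOUT_CHAIN, "navigation"));
```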