<?php namespace frontend\modules\api\controllers; use common\behaviors\GsCors; use yii\filters\auth\CompositeAuth; use yii\filters\auth\HttpBearerAuth; use yii\filters\ContentNegotiator; use yii\rest\Controller; use yii\web\Response; class ApiController extends Controller { public function behaviors() { return [ 'corsFilter' => [ 'class' => GsCors::class, 'cors' => [ 'Origin' => ['*'], //'Access-Control-Allow-Credentials' => true, 'Access-Control-Allow-Headers' => [ 'Content-Type', 'Access-Control-Allow-Headers', 'Authorization', 'X-Requested-With' ], ] ], 'authenticator' => [ 'class' => CompositeAuth::class, 'authMethods' => [ HttpBearerAuth::class, ], ], [ 'class' => ContentNegotiator::className(), 'formats' => [ 'application/json' => Response::FORMAT_JSON, ], ], ]; } }