[ 'class' => GsCors::class, 'cors' => [ 'Origin' => ['*'], //'Access-Control-Allow-Credentials' => true, 'Access-Control-Allow-Headers' => [ 'Access-Control-Allow-Origin', 'Access-Control-Allow-Methods', 'Content-Type', 'Access-Control-Allow-Headers', 'Authorization', 'X-Requested-With' ], 'Access-Control-Allow-Methods' => ['POST', 'GET', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'], 'Access-Control-Request-Method' => ['POST', 'GET', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'], ] ], 'authenticator' => [ 'class' => CompositeAuth::class, 'authMethods' => [ HttpBearerAuth::class, ], ], [ 'class' => ContentNegotiator::className(), 'formats' => [ 'application/json' => Response::FORMAT_JSON, ], ], ]; } }