I'm on D 9.3.x
I have a custom form, e.g.
my_module.my_form:
path: 'custom-form-end-point'
defaults:
_title: 'Custom Form'
_form: 'Drupal\my_module\Form\MyFormController'
requirements:
_access: 'TRUE'
This form is POSTED from an Android app inside a self-hosting html page - so from outside the site server and Drupal, e.g.
<form id="myform" action="https://mysite.com/custom-form-end-point" method="post">
<input id="input-one" type="hidden" name="input-one">
<input id="input-two" type="hidden" name="input-two">
</form>
This is obliviously a CORS request, which so far has worked.
For other implementations, I now need to enable the site's CORS.
Unfortunately, the origin for this request is null and it is not possible to change from the app side.
I'd therefore need to set up a "generic" cors configuration inside the site services.yml and a specific one for the form route.
I've tried to check if it is possible to set-up specific settings for specific routes. I found nothing, I've even looked inside Asm89/Stack/Cors which is responsible of the cors logic, and it doesn't seem possible to me.
I've tried to use or set-up a logic similar to advanced cors module, but it doesn't seem to work. I tried to subscribe to the Symfony\Component\HttpKernel\KernelEvents and some more: in the case of the cors form post request, the subscribe isn't triggered - or at least Asm89/Stack/Cors::handle starts before them and kills the request.
I've tried to add the header directly in the site's settings.php:
if (str_ends_with($_SERVER['REQUEST_URI'], 'custom-form-end-point')) {
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST');
}
but with no result.
Is there a way to solve this issue? Thanks.
