kangmin/Retribusi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
40216e014d746139ee2d1dfe334b493c38bb733e
Retribusi/api/README_CORS_FIX.md

119 lines
3.2 KiB
Markdown
Raw Blame History

# 🔧 PERBAIKAN CORS - INSTRUKSI WAJIB
## ⚠️ MASALAH SAAT INI
- Frontend (localhost) GAGAL login karena CORS
- Request OPTIONS (preflight) ke endpoint login.php dibalas 400
- API belum menangani preflight OPTIONS
## ✅ SOLUSI: Tambahkan CORS Handler
### LANGKAH 1: Copy Kode CORS Handler
Copy kode berikut ke **PALING ATAS** setiap file endpoint (sebelum require/include apapun):
```php
<?php
// ================= CORS HANDLER (WAJIB PALING ATAS) =================
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// ================= END CORS HANDLER =================
```
### LANGKAH 2: File yang Perlu Diperbaiki
Tambahkan CORS handler di file-file berikut:
1.`/retribusi/v1/api/auth/login.php`
2.`/retribusi/v1/api/dashboard/summary.php`
3.`/retribusi/v1/api/dashboard/chart.php`
4.`/retribusi/v1/api/dashboard/chart_monthly.php`
5.`/retribusi/v1/api/dashboard/events.php`
### LANGKAH 3: Urutan Kode yang Benar
```php
<?php
// 1. CORS HANDLER (PALING ATAS - SEBELUM APAPUN)
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-API-KEY");
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(200);
exit;
}
// 2. Set Content-Type untuk JSON response
header('Content-Type: application/json');
// 3. Require/include file lain (jika ada)
// require_once '../config/database.php';
// require_once '../config/auth.php';
// 4. Logic auth/validation
// ... kode auth yang sudah ada ...
// 5. Logic bisnis API
// ... kode API yang sudah ada ...
```
## 🧪 TESTING
Setelah perbaikan, test dengan:
```bash
# Test OPTIONS preflight
curl -X OPTIONS https://api.btekno.cloud/retribusi/v1/api/auth/login.php \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: Content-Type, X-API-KEY" \
-v
# Harus return: HTTP 200 OK
# Test POST login
curl -X POST https://api.btekno.cloud/retribusi/v1/api/auth/login.php \
-H "Content-Type: application/json" \
-H "X-API-KEY: RETRIBUSI-DASHBOARD-KEY" \
-d '{"username":"test","password":"test"}' \
-v
```
## ✅ HASIL YANG DIHARAPKAN
-`OPTIONS /api/auth/login.php` → HTTP 200 OK
-`POST /api/auth/login.php` → login normal (tidak berubah)
- ✅ Browser TIDAK lagi error CORS
- ✅ Frontend login dari localhost BERHASIL
## 📋 CHECKLIST
- [ ] CORS handler ditambahkan di semua endpoint
- [ ] CORS handler di paling atas (sebelum require/include)
- [ ] OPTIONS request return HTTP 200
- [ ] Response bisnis API tidak berubah
- [ ] Auth logic tetap berjalan normal
- [ ] Test dari browser localhost berhasil
## ⚠️ PENTING
- **JANGAN** mengubah response bisnis API
- **JANGAN** menambah proxy
- **JANGAN** mematikan auth
- **HANYA** menambahkan CORS handler di atas
## 📁 File Example
Lihat file `.example` di folder ini untuk contoh implementasi:
- `auth/login.php.example`
- `dashboard/summary.php.example`
- `dashboard/chart.php.example`
- `dashboard/chart_monthly.php.example`
- `dashboard/events.php.example`
Reference in New Issue View Git Blame Copy Permalink