public function behaviors()
{
$behaviors = [
'verbs' => [
'class' => VerbFilter::className(),
'actions' => [],
],
'corsFilter' => [
'class' => Cors::className(),
'cors' => [
'Origin' => ['*'],
'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
'Access-Control-Request-Headers' => ['*'],
'Access-Control-Allow-Origin' => ['*'],
'Access-Control-Allow-Credentials' => true,
'Access-Control-Max-Age' => 86400,
'Access-Control-Expose-Headers' => [],
],
],
];
if (Yii::$app->getRequest()->getMethod() !== 'OPTIONS') {
$behaviors['authenticator'] = [
'class' => HttpBearerAuth::className(),
'optional' => [
'login',
'signup'
],
];
}
return $behaviors;
}