If you want people to be able to reach your webapp from external domains you'll need to send the Access-Control-Allow-Origin
header. In Phalcon you could do that like this:
class SomeController extends ControllerBase
{
public function crossDomainAction()
{
// If you want literally anyone to be able to access your endpoint:
$this->response->setHeader("Access-Control-Allow-Origin", "*");
// If you want only specific domains to be able to access your domain:
// In this example you can only reach your website from `https://www.example.com`
$this->response->setHeader("Access-Control-Allow-Origin", "https://www.example.com");
}
}
If you want to do this globally over your entire application (not recommended, check out HTTP access control (CORS) for more info):
class ControllerBase extends Controller
{
public function afterExecuteRoute()
{
$this->response->setHeader("Access-Control-Allow-Origin", "*");
}
}