Help with CORS needed.

[valjar]

I need some help, because this problem is bugging me for days and i don't know how to proceed further. I'm developing my application with VueJs2 and Codeigniter (Rest controller) as my API. I'm using node web-pack server (npm run dev) so my front page app runs on http://localhost:8080. This app is making requests to my Codeigniter application (I'm using nginx virtual host, so i can access my apis on my http://myapp.test)

The problem is following. My VueJs application is making GET request from http://localhost:8080, with some custom header

this.$http.get(this.$apiUrl + `rest/api/public/User/user/` + payload.id_user, {
    // if i remove this custom header, everything works ok!
    headers: {
        jwttoken: token
    }
})

And this is my rest.php configuration regarding CORS

$config['check_cors'] = FALSE;
$config['allowed_cors_headers'] = [
    'Origin',
    'X-Requested-With',
    'Content-Type',
    'Accept',
    'Jwt-token',
    'jwttoken'
];
$config['allow_any_cors_domain'] = TRUE;
$config['allowed_cors_origins'] = [
    'http://localhost:8080',
];

And this is my controller, to get user

class User extends REST_Controller {
   public function user_get($id) {
        $this->response([
            'status' => true,
            'data'   => 'data'
        ], REST_Controller::HTTP_OK);
    }
}

And the result of this request is 405 Method not allowed (because requested method is OPTIONS (i assume that this is pre-flight request), which is failing)

So assuming that something is wrong with CORS i have enable it with all the same setting as u can see above, but problem still remains. $config['check_cors'] = TRUE; The only difference i see is, that response header now allow all methods and headers, but get request doesn't execute

Access-Control-Allow-Headers:*
Access-Control-Allow-Methods:*
Access-Control-Allow-Origin:*

This is my nginx configuration for php

location /rest {
    index /rest/index.php;
    try_files $uri $uri/ /rest/index.php;

    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, PATCH, DELETE';
    add_header 'Access-Control-Allow-Headers' '*';
}

location ~ \.php$ {
    try_files        $uri =404;
    fastcgi_pass     unix:/Applications/MAMP/Library/logs/fastcgi/nginxFastCGI.sock;
    fastcgi_param    SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param    WORKING_ENVIRONMENT dev;
    include          fastcgi_params;
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, PATCH, DELETE';
    add_header 'Access-Control-Allow-Headers' '*';
}

Can some one please help me out? I don't know what else do i have to do so i will be able to request resources from http://localhost:8080 to my http://myapp.test API

UPDATE If i make my controller to look like this and if i remove add_header lines from nginx.conf, then my code "is working". First makes options request (which is failing), then it makes get request which is ok

class User extends REST_Controller {
    public function user_get($id) {
        $this->getUser();
    }
    public function user_options() {
        $this->getUser();
    }
    private function getUser($id) {
        var_export($id);
        var_dump('test');
        die();
    }

If you need any additional informations, please let me know and i will provide. Thank you!

[fabianblum]

Have a look #863

[valjar]

Yeah, this solved my problem. Thank you for this, because this was bugging me for days. THANK YOU!