cretueusebiu / laravel-nuxt

A Laravel-Nuxt starter kit.
https://laravel-nuxt.cretueusebiu.com
MIT License

Cannot get CORS to work in production #158

Open sjoerdoudman opened 2 years ago

sjoerdoudman commented 2 years ago

First of all, a great thank you for this starter kit.

In local development everything is working smoothly and it is so easy to set it up. I am just running into a problem with production. I am running with SSR and both the API and the FE are running on a subdomain. So my Laravel runs on one.example.com and my Nuxt on two.example.com. I have not made any changes to the config/cors.php, which seems pretty forgiving.

Yet I get the following CORS error, which I have tried to find a solution for high and low:

```
Access to XMLHttpRequest at 'http://one.example.com/api/upload' from origin 'http://two.example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
```

Could this somehow be related to the API and client both running on a subdomain? And if so, can anything be changed in the configuration to make this work? I am building a project that has to run on a subdomain so I cannot use the main.

sjoerdoudman commented 2 years ago

With the help of a friend I found the culprit; I am posting the outcome here for future reference. You need to configure it with the fastcgi_pass. It turns out it works with the following configuration:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name one.example.com;
    root /var/www/html/example/public;

    index index.php;

    charset utf-8;

    # Send anything that is not an existing file or directory to index.php
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    # Pass PHP requests to PHP-FPM over its Unix socket
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Deny access to dotfiles, except .well-known
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
```
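The preflight check behind the error quoted in this thread, as an added example that is not part of the original posts or of the starter kit: a simplified Python version of the decision a browser makes on the response to an `OPTIONS` preflight. The function name, both sample responses and the "request never reached the app" scenario are constructed assumptions; only the two origins come from the thread.

```python
"""Added example: a simplified version of the browser's CORS preflight check."""
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}
ORIGIN = "http://two.example.com"  # front-end origin from the thread

# Constructed sample: no CORS headers (assumed: request never reached the app).
NO_CORS = (405, {"Server": "nginx", "Content-Type": "text/html"})
# Constructed sample: preflight answered with CORS headers.
WITH_CORS = (204, {"Access-Control-Allow-Origin": ORIGIN,
                   "Access-Control-Allow-Methods": "GET, POST, PUT",
                   "Access-Control-Allow-Headers": "Content-Type, Authorization"})


def _tokens(value):
    """Split a comma-separated header value into lowercase tokens."""
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}


def check_preflight(status, headers, origin, method, request_headers=(), credentials=False):
    """Return (passed, reason) for the response to an OPTIONS preflight."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    allow_origin = h.get("access-control-allow-origin")
    if allow_origin is None:
        return False, "No 'Access-Control-Allow-Origin' header is present"
    if allow_origin == "*":
        if credentials:
            return False, "wildcard origin is not allowed with credentials"
    elif allow_origin != origin:
        return False, f"allowed origin {allow_origin!r} does not match {origin!r}"
    if credentials and h.get("access-control-allow-credentials") != "true":
        return False, "Access-Control-Allow-Credentials is not 'true'"
    if not 200 <= status <= 299:
        return False, f"preflight returned HTTP {status}"
    star_ok = not credentials  # "*" in Allow-Methods/Headers only counts without credentials
    methods = _tokens(h.get("access-control-allow-methods"))
    if (method.upper() not in SAFELISTED_METHODS and method.lower() not in methods
            and not (star_ok and "*" in methods)):
        return False, f"method {method} is not allowed"
    allowed = _tokens(h.get("access-control-allow-headers"))
    for name in request_headers:
        n = name.lower()
        # Authorization must be listed explicitly; "*" does not cover it.
        if n not in allowed and not (star_ok and "*" in allowed and n != "authorization"):
            return False, f"request header {name} is not allowed"
    return True, "preflight passes"


if __name__ == "__main__":
    for label, (status, headers) in (("no CORS headers", NO_CORS), ("with CORS headers", WITH_CORS)):
        print(label, "->", check_preflight(status, headers, ORIGIN, "POST", ["Authorization"]))
```

Feeding it the status and headers from a captured `OPTIONS` response to the API shows which condition fails before any change is made to `config/cors.php`.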