CORS policy: No 'Access-Control-Allow-Origin'

[FlorianLeMenn]

Trying to setup mercure with cors, but I can't seem to get it to work.

Think it's been like that for a while, since #442 has been closed with wontfix by a stale bot we'd have to keep opening issues? or get some understanding in the issue

I made a POC to use Mercure & Symfony 5 with all configurations from Mercure documentation for Windows : https://github.com/FlorianLeMenn/Symfony-chat-mercure-poc/tree/staging I try to use Cookie authorization with JWT, but CORS policy fail like that :

Configuration for mercure.exe :

[dunglas]

Can you paste the command you use to start your web server? If you are using Symfony CLI, it starts a server on the 127.0.0.1 host, which not the same as localhost. So you need to update your Mercure configuration accordingly.

[dunglas]

Also, if you are using a recent version of Mercure, you must use the new configuration format. So it will be something like

set MERCURE_EXTRA_DIRECTIVES="cors_origins http://localhost:3000"
mercure.exe

https://mercure.rocks/docs/hub/config

[FlorianLeMenn]

Can you paste the command you use to start your web server? If you are using Symfony CLI, it starts a server on the 127.0.0.1 host, which not the same as localhost. So you need to update your Mercure configuration accordingly.

Versions mercure : "symfony/mercure-bundle": "^0.3.2",

I use this : php -S localhost:8000 to start my web sever. My mercure Hub is set on : http://localhost:3000

I add this on my .env.local : MERCURE_EXTRA_DIRECTIVES="cors_origins http://localhost:8000 http://localhost:3000" and in my launcher_mercure.bat :

set JWT_KEY=YourJwtKey
set ADDR=localhost:3000
set ALLOW_ANONYMOUS=1
set PUBLISH_ALLOWED_ORIGINS="http://localhost:3000 http://localhost:8000"
set CORS_ALLOWED_ORIGINS="http://localhost:3000 http://localhost:8000"
set EXTRA_DIRECTIVES="cors_origins http://localhost:8000 http://localhost:3000"
.\mercure.exe

But same result.

Maybe the cookie I try to set can be the problème ?

[dunglas]

It's MERCURE_EXTRA_DIRECTIVES, not EXTRA_DIRECTIVES. Can you try that?

[FlorianLeMenn]

I try it, same result

Access to resource at 'http://localhost:3000/.well-known/mercure?topic=%2Fmessages%2F%7Bid%7D&topic=%2Fping%2F%7Bid%7D' from origin 'http://localhost:8000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

[dunglas]

I don't manage to install your reproducer. Even after having the fixtures to be able to run the command, I get "Call to a member function getConversations() on null".

[dunglas]

With https://github.com/FlorianLeMenn/Symfony-chat-mercure-poc/pull/1 and the following command (on Unix, I don't have a Windows computer), I don't get any CORS error.

SERVER_NAME='localhost:3000' MERCURE_PUBLISHER_JWT_KEY='!ChangeMe!' MERCURE_SUBSCRIBER_JWT_KEY='!ChangeMe!' MERCURE_EXTRA_DIRECTIVES='cors_origins http://localhost:8000' ./mercure run

Be sure to visit https://localhost:3000 in your browser and to accept the self-signed TLS certificate first.

[FlorianLeMenn]

Thanks for reply, I found the solution ! :)

1. I update Mercure with the last version for Windows (https://github.com/dunglas/mercure/releases)
2. I use this command for Windows Powershel : $env:ADDR=":3000";$env:SERVER_NAME=":3000";$env:JWT_KEY='YourJwtKey';$env:MERCURE_EXTRA_DIRECTIVES="cors_origins http://localhost:8000"; ./mercure run
3. Change my cookie settings because I had a probleme with 'domain' in my cookie settings, mercure returned 401 :

           'mercureAuthorization',
           $this->jwt,
           0,
           '/.well-known/mercure',
           'localhost',
           false,
           false,
           false,
           'lax'
       );

   

Done !