Large file upload CORS policy: No 'Access-Control-Allow-Origin' header

[adaptingnl]

HI,

First of all thanks for creating this package. Really helpfull.

At this moment I have a problem when uploading a large file (>1mb) from an embedded form. I get the following error:

(index):1 Access to XMLHttpRequest at 'https://development.adapting.io/fileUpload' from origin 'https://www.adapting.nl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

When a file is smaller then 1mb everything works fine.

What I have tried

• [x] checked nginx for errors -> none found
• [x] added client_max_body_size 50M; to my nginx config -> no effect
• [x] Have upgraded to the latest version of fruitcake/laravel-cors

The details

The first request

Request URL: https://development.test/fileUpload
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: **
Referrer Policy: strict-origin-when-cross-origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-CSRF-TOKEN
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: **
Cache-Control: no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 18 Dec 2020 10:51:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,nl;q=0.7
Access-Control-Request-Headers: x-csrf-token
Access-Control-Request-Method: POST
Cache-Control: no-cache
Connection: keep-alive

The second request (that fails)

Request URL: https://development.test/fileUpload
Referrer Policy: strict-origin-when-cross-origin
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 18 Dec 2020 10:51:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8,nl;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 1000534
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryF96ErBPjf6HZBFjw

Cors.php

    'paths' => ['*'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['*'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,

app/http/kernel.php

    protected $middleware = [
        \Fruitcake\Cors\HandleCors::class,
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
        CheckTenantStatus::class
    ];

Hope that someone can help me out, working on this for 2 days now and still don't have any clue what is going wrong.

Thanks in advance and best regards,

Niels

[rchsantos]

Hello I have the same issues,

Richardson

[adaptingnl]

Hi @rchsantos,

I had my lesson about this subject. The CORS errors can be misleading.

When there is some error in your function that is needed for the request, it is possible that you get a CORS error while it has nothing to do with it. I had somewhere in my code return exit that was messing everything up. So no error in the logs, everything in the CORS settings was right.

My advice, start debugging the complete trail of all the functions the application uses to make the request.

Niels

[rchsantos]

Hello @adaptingnl,

Thanks for your answer, I'll debbug my code