nelmio / NelmioCorsBundle

Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application
https://symfony.com/bundles/NelmioCorsBundle/
MIT License

Error: Access-Control-Allow-Origin set to '*' while credential mode is 'include' #101

Closed PaulRDX closed 1 year ago

PaulRDX commented 6 years ago

Hi,

So I'm using your bundle, which works perfectly fine on localhost, but I can't make it work on my server.

I've got an Angular Front requesting my Symfony 4 API. On localhost, Access-Control-Allow-Origin header is correctly set:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://localhost:4200
Cache-Control: max-age=0, must-revalidate, private
Connection: close
Content-Type: application/json
Date: Wed, 27 Jun 2018 08:37:54 +0000, Wed, 27 Jun 2018 08:37:54 GMT
Host: 127.0.0.1:8000
Link: http://127.0.0.1:8000/api/docs.jsonld; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"
X-Powered-By: PHP/7.1.16

But after uploading it to my server and modifying CORS_ALLOW_ORIGIN in my .env, I'm running into this error:

Failed to load https://API-URL.com/api/login_check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'https://FRONT-URL.com' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

And here is the response header:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, must-revalidate, private
Connection: Keep-Alive
Content-Length: 820
Content-Type: application/json
Date: Wed, 27 Jun 2018 08:29:52 GMT
Keep-Alive: timeout=5, max=100
Link: https://API-URL.com/api/docs.jsonld; rel="http://www.w3.org/ns/hydra/core#apiDocumentation"
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.6
Set-Cookie: my_cookie
X-Powered-By: PHP/7.2.6

Do you have an idea why Access-Control-Allow-Origin is set to '*' instead of 'https://FRONT-URL.com'?

Does it have anything to do with X-Powered-By?

Here is my nelmio_cors.yaml working on localhost:

nelmio_cors:
    defaults:
        allow_credentials: true
        origin_regex: true
        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
        allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
        allow_headers: ['Content-Type', 'Authorization']
        max_age: 3600
    paths:
        '^/': ~

leogout commented 6 years ago

Related to #99; try to look for an answer before posting a new issue :)

PaulRDX commented 6 years ago

I know, I checked issue #99. What I understand from it is that I should specify allow_origin directly in the .yml and not in the .env file. I tried it and it didn't work. I've also checked issue #57, which didn't get any answer. That's why I opened this issue. It's still not working and I can't figure out why.

LeWricka commented 5 years ago

Any solution for this, @PaulRDX? I think I am facing the same issue :(

PaulRDX commented 5 years ago

Hi @icka69! Well, we didn't use this library. We finally set our CORS headers directly in our server configuration.

You might find some other workaround here

epiphaneSpecter commented 3 years ago

Please, I have the same issue. Does someone have a solution?

Guervyl commented 3 years ago

@epiphaneSpecter, open the link that returns the error in the browser to make sure you call the right link. If the link returns any error code like 404, Symfony won't call the bundle to check for CORS.

epiphaneSpecter commented 3 years ago

@Guervyl, of course I call the correct URL. But I still have the same error.

Guervyl commented 3 years ago

You should have in your config\packages\nelmio_cors.yaml:

nelmio_cors:
    defaults:
        origin_regex: true
        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
        allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
        allow_headers: ['Content-Type', 'Authorization']
        expose_headers: ['Link']
        max_age: 3600
    paths:
        '^/': null

And in .env file:

###> nelmio/cors-bundle ###
CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
###< nelmio/cors-bundle ###

If you have this configuration, the link you're calling is http[s]://localhost, and you're still getting the error, then you are missing something.
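As an added example (not code from the bundle or from anyone in this thread), a small Python check that parses a response header block like the one PaulRDX posted, flags the wildcard-plus-credentials combination the browser rejected, and shows which request Origins the .env regex above would actually allow. The header and origin values are taken from this thread; the function names are my own.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the relevant headers from the production response in the issue.
SERVER_HEADERS = """\
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Content-Type: application/json
Set-Cookie: my_cookie
"""

# The regex from the .env snippet above; it only admits localhost / 127.0.0.1 origins.
CORS_ALLOW_ORIGIN = r'^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'


def parse_headers(raw: str) -> Dict[str, str]:
    """Parse 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in raw.splitlines():
        if ':' in line:
            name, value = line.split(':', 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def cors_findings(headers: Dict[str, str]) -> List[str]:
    """Return the CORS combinations a browser rejects for a credentialed request."""
    findings = []
    allow_origin = headers.get('access-control-allow-origin')
    credentials = headers.get('access-control-allow-credentials', '').lower() == 'true'
    if credentials and allow_origin == '*':
        # Exactly the browser error quoted in the issue.
        findings.append('wildcard Access-Control-Allow-Origin with Allow-Credentials: true')
    if credentials and allow_origin is None:
        findings.append('Allow-Credentials: true but no Access-Control-Allow-Origin')
    return findings


def expected_allow_origin(request_origin: str, origin_regex: str) -> Optional[str]:
    """With origin_regex: true, the request Origin is echoed back only if it matches."""
    if re.match(origin_regex, request_origin):
        return request_origin
    return None  # origin not allowed; no Access-Control-Allow-Origin should be sent


if __name__ == '__main__':
    print(cors_findings(parse_headers(SERVER_HEADERS)))
    print(expected_allow_origin('http://localhost:4200', CORS_ALLOW_ORIGIN))
    print(expected_allow_origin('https://FRONT-URL.com', CORS_ALLOW_ORIGIN))
```

With this regex the production front-end origin 'https://FRONT-URL.com' does not match, so a deployed API needs a CORS_ALLOW_ORIGIN value that names that origin explicitly rather than a wildcard.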