search

nelmio / NelmioCorsBundle

Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application
https://symfony.com/bundles/NelmioCorsBundle/
MIT License
1.89k stars 108 forks source link

Question: How to add CORS headers for 401 Unauthorized response #103

Closed Ronnie-J closed 6 years ago

Ronnie-J commented 6 years ago

Hi.

I have an issues with the library not adding CORS headers when the request is blocked by Symfony Firewall. Access-Control-Allow-Origin: http://localhost is present on valid requests but missing when I call the API endpoint with an invalid token. I would need this CORS header on that response as well.

Is it not expected to have these headers on that type of response?

I can create my own exception listener but I would rather have Nelmio handling it.

My configuration is;

nelmio_cors:
    defaults:
        allow_origin: ['*']
        allow_methods: ['PUT', 'GET', 'DELETE', 'OPTIONS']
        allow_headers: ['authorization', 'accept', 'content-type']
        expose_headers: []
        max_age: 3600
    paths:
        '^/': ~
Ronnie-J commented 6 years ago

Sorry. Looks like it's the API gateway removing the headers.