search

nelmio / NelmioCorsBundle

Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application
https://symfony.com/bundles/NelmioCorsBundle/
MIT License
1.89k stars 108 forks source link

CORS problem if 'Content-type': 'multipart/form-data' #128

Closed fabianoroberto closed 5 years ago

fabianoroberto commented 5 years ago

Hi,

I have a problem with a POST api only when 'Content-type' is 'multipart/form-data'. If I remove the image in that request, the api is successfully executed.

This is my config:

nelmio_cors:
    defaults:
        origin_regex: true
        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
        allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
        allow_headers: ['Content-Type', 'Authorization']
        expose_headers: ['Link']
        max_age: 3600
    paths:
        '^/': ~

Error:

CORS header 'Access-Control-Allow-Origin' missing (No error appear during preflight request (OPTIONS))

fabianoroberto commented 5 years ago

I solved my problem by adding 'Accept' in allow_headers:

['Accept', 'Authorization', 'Content-Type']