no Cross-Origin header on /public route

[BernardA]

I have an API-Platform app that is working fine on the /api/ route, but running into CORS issue when trying to GET images from the /public folder.

It's just not adding the CORS headers to the response.

This is the config:

    paths:
    '^/api/':
        origin_regex: true
        allow_origin: ['^https?:\/\/localhost:[0-9]+.*|127.0.0.1(:[0-9]+)?|https:\/\/musing-davinci-538143.netlify.com']
        allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
        allow_headers: ['Content-Type', 'Authorization']
        expose_headers: ['Content-Disposition','Link','X-Total-Count']
        max_age: 3600
    '^/images/':
        origin_regex: true
        allow_origin: ['^https?:\/\/localhost:[0-9]+.*|127.0.0.1(:[0-9]+)?|https:\/\/musing-davinci-538143.netlify.com']
        allow_methods: ['GET']
    '^/':
        origin_regex: true
        allow_origin: ['^https?:\/\/localhost:[0-9]+.*|127.0.0.1(:[0-9]+)?|https:\/\/musing-davinci-538143.netlify.com']
        allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
        max_age: 3600

These are the headers when trying to access it from my client app:

Please note that I am using Symfony'S local web server. Just in case, this is my .htaccess file

 # Redirect all requests to index.php
  <IfModule mod_rewrite.c>
     RewriteEngine On
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteRule ^ index.php [QSA,L]
 </IfModule>
  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

[Linkweb-Tech]

I know it been a while but did you find out a solution to your problem ?

I'm running into the exact same issue atm.

[BernardA]

I found out that this bundle does not at all handle routes that do not pass through index.php, like something in /public/images.

So you will need to take care of that separately, like in .htaccess.