NelmioCorsBundle not setting ALLOW_ORIGINS (Heroku Server)

[dariusmann]

I am have a API Backend (Symfony) and a SPA Frontend (Vue) running on two different Heroku Apps.

Backend: https://igrat-backend.herokuapp.com Frontend: https://igrat-frontend.herokuapp.com

In my Symfony App I use the NelmioCorsBundle to enable CORS.

Here is my NelmioCorsBundle config file:

nelmio_cors:
    defaults:
        allow_credentials: true
        origin_regex: true
        allow_origin: ['*']
        allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
        allow_headers: ['Content-Type','Authorization']
        expose_headers: ['Link']
        max_age: 3600
    paths:
        '^/': ~

Nevertheless the Access-Control-Allow-Origin header is not being set and I get the following error making a request from my Frontend to my Backend:

To reproduce go to https://igrat-frontend.herokuapp.com, click on Login in the menu and type in any credentials to fire the request.

Extra information:

• It works on my localhost (dev enviroment)

• I do not use a .htaccess file

• I have tried to write the allowed host explicit in the NelmioCorsBundle config: https://igrat-frontend.herokuapp.com

• I cleared the Symfony cache everytime I tested the config.

• I have used every possible configuration NelmioCorsBundle but nothing worked.

• The content of my heroku Procfile:

web: vendor/bin/heroku-php-apache2 public/

[lazka]

not sure if this is the problem, but origin_regex is set to true, but allow_origin isn't a valid regex

[huynguyen93]

I had the same problem, no error logs occurred or anything, but I found out there was code for debugging that used dump().

Change your environment to dev and see the in the profiler if you have anything in tab Debug.

In prod environment, dump() will not work (but I don't know why there was no errors logged).

I removed it and the headers were back.