spatie / laravel-cors

Send CORS headers in a Laravel application
https://spatie.be/en/opensource/laravel
MIT License
603 stars 59 forks

Warning Cross-Origin Read Blocking (CORB) #50

Closed ghost closed 5 years ago

ghost commented 5 years ago

I receive the message only on Chrome and only on the aws/forge server (not on localhost - homestead). Everything seems to work well.

Cross-Origin Read Blocking (CORB) blocked cross-origin response https://api-staging.myapp.io/api/shop/customer with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.

I noticed that the preflight doesn't show the message "Preflight OK" on the aws/forge server, but it does on localhost.

Laravel 5.7.15, PHP 7.2.5, laravel-cors 1.4, vuejs 3.6.2 (vue-cli)

ghost commented 5 years ago

Little update, it's not only on localhost but also on my live staging server.

    'default_profile' => [

        'allow_credentials' => false,

        'allow_origins' => [
            '*',
        ],

        'allow_methods' => [
            'POST',
            'GET',
            'OPTIONS',
            'PUT',
            'PATCH',
            'DELETE',
        ],

        'allow_headers' => [
            'Content-Type',
            'X-Auth-Token',
            'Origin',
            'Authorization',
        ],

        'expose_headers' => [
            'Cache-Control',
            'Content-Language',
            'Content-Type',
            'Expires',
            'Last-Modified',
            'Pragma',
        ],

        'forbidden_response' => [
            'message' => 'Forbidden (cors).',
            'status' => 403,
        ],

        /*
         * Preflight request will respond with value for the max age header.
         */
        'max_age' => 60 * 60 * 24,
    ],

d-pollard commented 5 years ago

Were you able to fix this issue?

ghost commented 5 years ago

@d-pollard No :/

adamtester commented 5 years ago

The CORS request needs to return a 204 No Content response, I believe.

See https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md

barryvdh/laravel-cors has the same issue: https://github.com/barryvdh/laravel-cors/issues/362

freekmurze commented 5 years ago

Feel free to submit a PR with tests that fixes this.
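
Added example (not part of the thread and not laravel-cors code): a check that mirrors the Fetch standard's rules for a CORS preflight response, so OPTIONS response headers captured on each environment can be compared when one shows "Preflight OK" and the other does not. The function name, the origin and both sample responses are constructed assumptions; the first sample assumes the `default_profile` values are sent as headers unchanged.

```javascript
// Checks a browser applies to a CORS preflight response (Fetch standard),
// for a request made without credentials ('allow_credentials' => false).
function checkPreflight(request, response) {
  const problems = [];
  const h = {};
  for (const [k, v] of Object.entries(response.headers)) h[k.toLowerCase()] = v;
  const list = (name) => (h[name] || '').split(',').map((s) => s.trim()).filter(Boolean);

  // Any "ok status" (200-299) is accepted; 204 is one of them.
  if (response.status < 200 || response.status > 299) {
    problems.push(`status ${response.status} is not 2xx`);
  }
  const acao = h['access-control-allow-origin'];
  if (acao === undefined) {
    problems.push('Access-Control-Allow-Origin is missing');
  } else if (acao !== '*' && acao !== request.origin) {
    problems.push(`Access-Control-Allow-Origin ${acao} does not match ${request.origin}`);
  }
  // GET, HEAD and POST are safelisted; other methods must be listed (case-sensitive).
  const methods = list('access-control-allow-methods');
  if (!['GET', 'HEAD', 'POST'].includes(request.method) &&
      !methods.includes(request.method) && !methods.includes('*')) {
    problems.push(`method ${request.method} is not allowed`);
  }
  // Header names compare case-insensitively; "*" never covers Authorization.
  const allowed = list('access-control-allow-headers').map((s) => s.toLowerCase());
  for (const name of request.headers.map((s) => s.toLowerCase())) {
    const viaWildcard = allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !viaWildcard) problems.push(`header ${name} is not allowed`);
  }
  return problems;
}

// Constructed samples: a PUT from a hypothetical SPA origin, a preflight
// response built from default_profile, and a response with no CORS headers.
const request = { origin: 'https://app.example.test', method: 'PUT',
                  headers: ['Authorization', 'Content-Type'] };
const fromProfile = { status: 204, headers: {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'POST, GET, OPTIONS, PUT, PATCH, DELETE',
  'Access-Control-Allow-Headers': 'Content-Type, X-Auth-Token, Origin, Authorization' } };
const noCorsHeaders = { status: 405, headers: { 'Content-Type': 'text/html' } };

console.log(checkPreflight(request, fromProfile));
console.log(checkPreflight(request, noCorsHeaders));
```

An empty list means the preflight would pass; each entry otherwise names a header or status to compare between the two servers.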