I am using Nelmio_cors but still get No ‘Access-Control-Allow-Origin’ header is present on the requested resource

  cors, nelmiocorsbundle, symfony

I have an API in Symfony 4 using NelmioCorsBundle. I have a Vue.js application that request that same API. I use google chrome as browser.

When I send a GET request There is no problem but when I send a POST I get the following response.

Access to XMLHttpRequest at 'https://my_api_domain/api/resource/custom-update' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

I understand it tell me that I need to set ‘Access-Control-Allow-Origin’ in my response headers. But for what I understand NelmioCorsBundle should be injecting it automatically.

The bundle is decared in bundle.php

return [
  NelmioCorsBundleNelmioCorsBundle::class => ['all' => true],

Here is my settings for NelmioCorsBundle

    origin_regex: true
    allow_origin: ['*']
    allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
    allow_headers: ['Content-Type', 'Authorization']
    expose_headers: ['Link']
    max_age: 3600
    '^/': ~
  • I have already read the documentation for CORS.
  • I do not want a hack to make it work on Chrome or Firefox.
  • I have tried to inject manually the ‘Access-Control-Allow-Origin: *’ in my response

Nothing worked.

What did I miss ?

Source: Symfony Questions