I have Symfony Rest API on /api context and everything works fine. Additionally, I host static pdf files in the /public/uploads directory. When getting file path through frontend browser throws error
Access to fetch at 'http://127.0.0.1:8000/uploads/b8b3a04a69f59a6c20c9c153281657d5.pdf' from origin 'http://192.168.8.111:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
It is like nelmio cors did not add the Access-Control-Allow-Origin header to the downloaded files but whole api works good without problems. I don’t have an .htaccess file that overwrites the headers.
nelmio_cors: defaults: origin_regex: true allow_origin: ['%env(CORS_ALLOW_ORIGIN)%'] allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE'] allow_headers: ['Content-Type', 'Authorization', 'origin', 'accept', 'bearer'] expose_headers: ['Link'] max_age: 3600 paths: '^/uploads': allow_origin: [ '%env(CORS_ALLOW_ORIGIN)%' ] allow_methods: [ 'GET', 'OPTIONS' ] allow_headers: [ 'Content-Type', 'Authorization', 'origin', 'accept', 'bearer' ] max_age: 3600 '^/': ~
allow_origin is set on ‘*’ in .env
When I run CORS Chrome extension everything is ok.
Do you have any idea why headers aren’t added to the files?
Source: Symfony Questions
Was this helpful?
0 / 0