Symfony4. Missing ACAO headers only in static files

I have Symfony Rest API on /api context and everything works fine. Additionally, I host static pdf files in the /public/uploads directory. When getting file path through frontend browser throws error

Access to fetch at '' from origin '' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

It is like nelmio cors did not add the Access-Control-Allow-Origin header to the downloaded files but whole api works good without problems. I don’t have an .htaccess file that overwrites the headers.

        origin_regex: true
        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
        allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
        allow_headers: ['Content-Type', 'Authorization', 'origin', 'accept', 'bearer']
        expose_headers: ['Link']
        max_age: 3600
            allow_origin: [ '%env(CORS_ALLOW_ORIGIN)%' ]
            allow_methods: [ 'GET', 'OPTIONS' ]
            allow_headers: [ 'Content-Type', 'Authorization', 'origin', 'accept', 'bearer' ]
            max_age: 3600
        '^/': ~

allow_origin is set on ‘*’ in .env

When I run CORS Chrome extension everything is ok.

Do you have any idea why headers aren’t added to the files?

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *