Access-Control-Allow-Origin missing, but not on the preflight request

I am using the nelmio bundle with the folliwing configuration

nelmio_cors:
    paths:
      '^/api/':
        allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
        allow_headers: ['Content-Type', 'Authorization', 'some-custom-header']
        allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
        max_age: 3600

CORS_ALLOW_ORIGIN: "*"

On my preflight request I get the correct header, here is a part of the curl :

< access-control-allow-origin: https://my-domain-client.company-sandbox.com
< access-control-allow-headers: content-type, authorization, some-custom-header
< access-control-allow-methods: POST, PUT, GET, DELETE
< access-control-max-age: 3600

Then when the real request is coming to https://my-domain-api.company-sandbox.com/api/my_route

I dont receive the Access-Control-Allow-Origin header, and I get browser error.

Any idea ?

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *