Comments (13)
EDIT (resolved): So my issue was that I was clearing my dev cache, but when calling my localhost domain, it was "prod" so it needed to be cleared so it could pickup the NelmioCorsBundle configurations and such.
I'm also having this issue, however, I'm on Symfony 2.8 currently.
I have tried many different nelmio_cors configurations... below are the two that I'm trying currently to no avail...
nelmio_cors:
paths:
"^/":
allow_credentials: true
origin_regex: false
allow_origin: ['*']
allow_headers: ['Origin','Accept','Content-Type']
allow_methods: ['POST','GET','DELETE','PUT','OPTIONS']
max_age: 3600
and
nelmio_cors:
defaults:
allow_origin: ["*"]
allow_headers: ["*"]
allow_methods: ["POST", "PUT", "GET", "DELETE", "OPTIONS"]
max_age: 3600
origin_regex: false
paths:
'^/': ~
I have the bundle initialized in AppKernel.php. However, I can't even tell if the bundle is doing anything for me since this issue isn't being resolved. I thought having this CORS bundle it would properly respond to OPTIONS requests.
from nelmiocorsbundle.
I was working on the same error for 2 hours then i realized i just had to add a slash after the link.
From http://127.0.0.1:8000/api/login_check to http://127.0.0.1:8000/api/login_check/
from nelmiocorsbundle.
still i got this issue
from nelmiocorsbundle.
@RobertRajcool please include your configuration so we can help you :)
from nelmiocorsbundle.
I am currently investigating an issue I have in a new app using Symfony 3.2 that seems similar to this @RobertRajcool, are you also using Symfony 3.2 aswell?
In firebug console I see:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8005/.../ (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
However, it would seem that the root cause of this is that the preflight OPTIONS request is failing with a HTTP 500 error.
In the method CorsListener::getPreflightResponse() on Line 114, when allow_headers is true, it is expecting the Access-Control-Request-Headers
to be specified, which in my scenario is not the case where a DELETE
request only has the header Access-Control-Request-Method: DELETE
provided. So, on this line $headers
is null
.
Now it would seem this wasn't a problem until the RequestDataCollector in symfony/http-kernel was recently updated in 3.2 to use a different method for parsing headers. Given that the header Access-Control-Request-Headers
is null (or empty array once in the HeaderBag), it throws an exception when evaluating $v[0]
on Line 128.
To solve this, we can:
- Change symfony/http-kernel to better check that $v[0] exists on line 128.
- Change CorsListener to only set
Access-Control-Request-Headers
when a value is provided.
For now, I've provided a pull requests #69 for option (2) and will add a comment in symfony/http-kernel regarding this.
from nelmiocorsbundle.
I too hit on a similar issue this morning. In my case it was that I had updated to PHP7.1, but had not started the correct FPM service (the config for 7.0 was still running). It might be that this is a symptom of a problem further down your stack, and this error is a bit misleading.
from nelmiocorsbundle.
@codereviewvideos
Yes the error is misleading because it can simply signify a server error instead of an actual CORS issue. I had to dig into my logs to figure out I hadn't cleared the correct environment's cache.
from nelmiocorsbundle.
this is my configure file
nelmio_cors:
defaults:
allow_credentials: false
allow_origin: []
allow_headers: []
allow_methods: []
expose_headers: []
max_age: 0
hosts: []
origin_regex: false
paths:
'^/':
allow_origin: ['']
allow_headers: ['']
allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
max_age: 3600
112,1 Bot
from nelmiocorsbundle.
@RobertRajcool
You can put code in code blocks using three back ticks on the line above and below code...
Like so ... (this is three back ticks ```)
Secondly, here is my working configuration... which I may have snagged out of this thread...
nelmio_cors:
paths:
"^/":
allow_credentials: false
origin_regex: false
allow_origin: ['*']
allow_headers: ['Origin','Accept','Content-Type']
allow_methods: ['POST','GET','DELETE','PUT','OPTIONS']
max_age: 3600
from nelmiocorsbundle.
@BallisticPain
attach config.yml file
from nelmiocorsbundle.
Same here, with local dev, using docker I get
Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains the invalid value 'null'. Origin 'http://localhost:3030' is therefore not allowed access.
But on dev server requests come in ok.
nelmio_cors:
defaults:
allow_credentials: false
allow_origin: []
allow_headers: []
allow_methods: []
expose_headers: []
max_age: 0
hosts: []
origin_regex: false
paths:
'^/':
origin_regex: true
allow_origin: ['^http://localhost:[0-9]+', '^http://example.com:[0-9]+', '^https://example.gitlab.io']
allow_headers: ['*']
allow_methods: ['POST', 'PUT', 'GET', 'DELETE','OPTIONS', 'PATCH']
max_age: 3600
hosts: ['\.']
from nelmiocorsbundle.
Same issue with Symfony 3.2.3 with this configuration :
nelmio_cors:
defaults:
allow_origin: ["%cors_allow_origin%"]
allow_headers: ["content-type", "authorization"]
allow_methods: ["POST", "PUT", "GET", "DELETE", "PATCH", OPTIONS"]
max_age: 3600
paths:
'^/': ~
I found that clear the cache with a terminal can solved the issue :
rm -rf var/cache/*
But this configuration works on one of my two computers, the VM is the same... I still don't know why...
from nelmiocorsbundle.
Try this It works for me
npm i js-cookie
import Cookies from 'js-cookie'
const csrftoken = Cookies.get('csrftoken') // Cookies from Django Domain
const loginRequest = async () => {
await Axios({
method: "post",
url: `/api/api-auth/login/`,
headers: { 'X-CSRFToken': csrftoken },
data: {}
}).then((res) => {
console.log(res.data);
})
}
from nelmiocorsbundle.
Related Issues (20)
- if origin is not allowed, the `access-control-allow-origin` is not set HOT 2
- Controller action gets executed for invalid origins HOT 2
- https POST request has blocked by CORS policy HOT 6
- PHP Fatal error HOT 3
- Reflected XSS vulnerability
- 400 Bad request on Preflight (CORS Preflight Did Not Succeed) - Symfony 4 HOT 4
- Symfony 5: 502 Bad Gateway HOT 1
- Allow multiple domains for X-Frame-Options (clickjacking) HOT 1
- NelmioCorsBundle not setting ALLOW_ORIGINS (Heroku Server) HOT 2
- Automatic added Vary-header blocks vary-config from SensioFrameworkExtraBundle-annotation HOT 2
- Symfony 6 compatibility HOT 4
- No 'Access-Control-Allow-Origin' header only for some clients HOT 5
- missing CORS header 'Access-Control-Allow-Origin' Front-End REACT, Back-End Symfony 5 with Api Platform and NelmioCorsBundle HOT 14
- Is this project/repository abandoned? HOT 2
- version 2.3.0 blocks use of psr/log:3.0.0, which the latest version of monolog/monolog requires HOT 2
- POST Request returns 400 with wrong Headers HOT 2
- Symfony 7 support HOT 5
- ERR_ABORTED 500 Response to preflight request doesn't pass access control check: It does not have HTTP ok status HOT 1
- allow_credentials: true is ignored
- Usage of logger within the bundle HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nelmiocorsbundle.