I have an API in Symfony 4 using NelmioCorsBundle. I have a Vue.js application that request that same API. I use google chrome as browser.
When I send a GET request There is no problem but when I send a POST I get the following response.
Access to XMLHttpRequest at 'https://my_api_domain/api/resource/custom-update' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
I understand it tell me that I need to set 'Access-Control-Allow-Origin' in my response headers. But for what I understand NelmioCorsBundle should be injecting it automatically.
The bundle is decared in bundle.php
return [
...
Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true],
...
];
Here is my settings for NelmioCorsBundle
nelmio_cors:
defaults:
origin_regex: true
allow_origin: ['*']
allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
allow_headers: ['Content-Type', 'Authorization']
expose_headers: ['Link']
max_age: 3600
paths:
'^/': ~
- I have already read the documentation for CORS.
- I do not want a hack to make it work on Chrome or Firefox.
- I have tried to inject manually the 'Access-Control-Allow-Origin: *' in my response
Nothing worked.
What did I miss ?
may be nonsense but have you formatted the .yml well? in the sense that to work properly the .yml files must be formatted as follows:
Otherwise try to add
forced_allow_origin_valuelike this: