Getting:
Failed to load http://localhost:3030/api/auth/login: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:3000 ’ is therefore not allowed access.
I’m using the Cors middleware defined in the Slim docs. I don’t get any of the headers back that are set on the response.
Using Nuxt/Axios on client.
Headers added:
$response
->withHeader('Access-Control-Allow-Origin', 'http://localhost:3000, http://localhost:3030')
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization, Access, Host')
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');
Also worth noting, works fine with Postman.
I saw some similar posts but never really saw an actual solution.
1 Like
odan
July 26, 2018, 9:10am
2
Hi! Can you please try this CORS middleware?
use Slim\Container;
use Slim\Http\Request;
use Slim\Http\Response;
// CORS preflight middleware
$app->add(function (Request $request, Response $response, $next) {
if ($request->getMethod() !== 'OPTIONS') {
return $next($request, $response);
}
$response = $next($request, $response);
$response = $response->withHeader('Access-Control-Allow-Origin', '*');
$response = $response->withHeader('Access-Control-Allow-Methods', $request->getHeaderLine('Access-Control-Request-Method'));
$response = $response->withHeader('Access-Control-Allow-Headers', $request->getHeaderLine('Access-Control-Request-Headers'));
return $response;
});
1 Like
odan:
->add(function (Request $request, Response $response, $next) { if ($request->getMethod() !== ‘OPTIONS’) { return $next($request, $response); } $response = $next($request, $response); $response = $response->withHeader(‘Access-Control-Allow-Origin’, ‘*’); $response = $response->withHeader(‘Access-Control-Allow-Methods’, $request->getHeaderLine(‘Access-Control-Request-Method’)); $response = $response->withHeader(‘Access-Control-Allow-Headers’, $request->getHeaderLine(‘Access-Control-Request-Headers’)); return $response; });
I get this:http://localhost:3030/api/auth/login 500 (Internal Server Error)http://localhost:3030/api/auth/login: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:3000 ’ is therefore not allowed access. The response had HTTP status code 500.
For some reason it causes the controller to 500.
It turns out it was the exception I throw for invalid content. I guess the response from a custom error handler doesn’t pass through the cors middleware so I add it in the handler as well. shrug
1 Like
Cors I went with:
$response = $response->withHeader('Access-Control-Allow-Origin', getenv('CLIENT_URL'))
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
if ($request->getMethod() === 'OPTIONS') {
return $response->withStatus(200);
}
$response = $next($request, $response);
return $response;
and add this in my invoke of my handler:
$response = $this->addHeaders($response);
and this method
protected function addHeaders(Response $response)
{
$response = $response->withHeader('Access-Control-Allow-Origin', getenv('CLIENT_URL'))
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
return $response;
}
In case anyone has these issues… also have to add them in your NotFoundHandler as well. Lesson learned!
1 Like
Thank you helped my too. I was using Axios and Vue JS…