Slim framework middleware cors give page isnt working


I am very new to slim framework so below is the exact steps I did in the /varr/www/html for apace on centos 7 with php7.

  1. composer create-project slim/slim-skeleton

  2. rename is to apiv1

  3. chown -R apache:apache apiv1

  4. Going back to main directory I installed all these.

    composer require firebase/php-jwt
    composer require tuupola/base62
    composer require tuupola/slim-basic-auth
    composer require tuupola/slim-jwt-auth
    composer require tuupola/cors-middleware

  5. Then in my public folder in my .htacess I have this.

    RewriteEngine On

    RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.)::\2$
    RewriteRule ^(.
    ) - [E=BASE:%1]

    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [QSA,L]

  6. I am following the link here

I notice when in the middleware I enable this section.

$app->add(new \Tuupola\Middleware\Cors([
    "logger" => $container["logger"],
    "origin" => ["*"],
    "methods" => ["GET", "POST", "PUT", "PATCH", "DELETE"],
    "headers.allow" => ["Authorization", "If-Match", "If-Unmodified-Since"],
    "headers.expose" => ["Authorization", "Etag"],
    "credentials" => true,
    "cache" => 60,
    "error" => function ($request, $response, $arguments) {
        return new UnauthorizedResponse($arguments["message"], 401);

Everything fails to work and I get page isnt working and nothing in log files. I even tried e.g. credentials to be false. For time being this the settings in JwtAuthentication.php I set this to false.

private $options = [
“secure” => false,

What else can I do to enable it working fine ?


I added this to my routes.php in order for CORS to work

$app->options('/{routes:.+}', function ($request, $response, $args) {
return $response;

$app->add(function ($req, $res, $next) {
$response = $next($req, $res);
return $response
        ->withHeader('Access-Control-Allow-Origin', '*')
        ->withHeader('Access-Control-Allow-Credentials', 'true')
        ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization, token')
        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');