api-platform icon indicating copy to clipboard operation
api-platform copied to clipboard
verified publisher icon api-platform

No 'Access-Control-Allow-Origin' header only for some clients

Open sta2m opened this issue 4 years ago • 3 comments

API Platform version(s) affected: 2.6

Description
I've a problem with my API Platform application. Initially with nelmio, but I thinking if the problem can be with API Platform.

Delivered in production in november 2021. All is ok. Since somes days, my clients cannot login. After some investigation, I found this error :

"Access to fetch at 'https://api.--.com/login_check?' from origin 'https://www.--****.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."

The front is on www.--.com and the api is on : api.--******.com

I don't reproduce the problem on my PC. Tested on Linux / Windows / Android & Chrome / Chromium / Opera. No problem.

For my clients, which test on multiple computer, with Chrome and Opera on Windows the error is always here. Seems to be ok on Android.

My nelmio config seems to be ok :

nelmio_cors: defaults: origin_regex: true allow_origin: ['%env(CORS_ALLOW_ORIGIN)%'] allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE'] allow_headers: ['Content-Type', 'Authorization'] expose_headers: ['Link'] max_age: 3600 paths: '^/': null

with :

CORS_ALLOW_ORIGIN='^https?://(www.--.com|--.com)(:[0-9]+)?$'

I tried this :

nelmio_cors: defaults: origin_regex: false allow_origin: [''] allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE'] allow_headers: [''] expose_headers: ['*'] max_age: 3600 paths: '^/': null

And same problem.

The front end is in React with Nextjs.

Any idea why this bug on some clients but not on my PC ? An error in my config ? API Platform can be in cause ?

Thanks for any help, It's hot for me ;)

Initial issue on Nelmio : https://github.com/nelmio/NelmioCorsBundle/issues/174

sta2m avatar Jan 28 '22 08:01 sta2m

Same problem. Working on my wifi network but doesn't work on other wirelesses...

n3verlate avatar Feb 14 '22 14:02 n3verlate

The same thing happens to me, sometimes the same requests happen and other times this error pops up

leotorres9286 avatar Feb 21 '22 05:02 leotorres9286

no solution? There is a CORS error when I am connected to a vpn for example

n3verlate avatar Apr 19 '22 22:04 n3verlate