NelmioCorsBundle

The 'Access-Control-Allow-Origin' header contains multiple values '*, http://localhost', but only one is allowed.

Open antonioperic opened this issue 9 years ago • 12 comments

XMLHttpRequest cannot load http://liveboard-dev.locastic.com/api/v1/login. The 'Access-Control-Allow-Origin' header contains multiple values '*, http://localhost', but only one is allowed. Origin 'http://localhost' is therefore not allowed access.

nelmio_cors:
    paths:
        '^/api/':
            allow_origin: ['*']
            allow_headers: ['*']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE', 'OPTIONS']
            max_age: 3600

antonioperic avatar Feb 04 '15 13:02 antonioperic

Not sure what you're saying.. where do you get this error?

Seldaek avatar Feb 09 '15 01:02 Seldaek

After Google Server Side login I got a one-time code from the popup window, and with the callback function, when trying to get the login method, I got this error

antonioperic avatar Feb 09 '15 08:02 antonioperic

The Access-Control-Allow-Origin header is actually returning whatever origin was sent to it (see code) so if you get an invalid one like that I'd say it's because the origin header of the request was set incorrectly.

Seldaek avatar Feb 09 '15 16:02 Seldaek

@antonioperic Afaik you can’t combine * with other values. Either use just * or list all domains individually.

hacfi avatar May 31 '15 14:05 hacfi

@Seldaek @hacfi this is the error I got

"NetworkError: 400 Bad Request - http://api.peribian.com/api/v1/login" login

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://api.peribian.com/api/v1/login. (Reason: CORS preflight channel did not succeed).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://api.peribian.com/api/v1/login. (Reason: CORS request failed).

and this is nelmio config

nelmio_cors:
   paths:
       '^/api/':
           allow_origin: ['http://app.peribian.com']
           allow_headers: ['Authorization, X-Requested-With, Content-Type, Accept, Origin']
           allow_methods: ['POST', 'PUT', 'GET', 'DELETE', 'OPTIONS']
           max_age: 3600

I am trying from app.peribian.com to get api.peribian.com/api/v1/ but keep getting that error

screenshot: http://take.ms/GKtoS

antonioperic avatar Jun 06 '15 12:06 antonioperic

@antonioperic Check the php error log / Symfony error log. I don’t think there is an issue with this bundle but I could be wrong.

hacfi avatar Jun 07 '15 00:06 hacfi

Your allow_headers config is wrong, you're having one big string with commas there, while it should be an array of header strings, i.e.:

    allow_headers: ['Authorization', 'X-Requested-With', 'Content-Type', 'Accept', 'Origin']

Seldaek avatar Jun 08 '15 08:06 Seldaek

@Seldaek will try it. Previously I had * there but it didn't work

antonioperic avatar Jun 08 '15 08:06 antonioperic

I faced the same issue when I had CORS configured on the Apache side and with this bundle. I removed the Apache configuration to get this to work.

devantoine avatar Apr 18 '16 12:04 devantoine

Symfony's boilerplate nginx config has the line - add_header 'Access-Control-Allow-Origin' '*';

# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
location ~ ^/(app_dev|config)\.php(/|$) {
    add_header 'Access-Control-Allow-Origin' '*';
    fastcgi_pass php:9000;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    include fastcgi_params;
    # When you are using symlinks to link the document root to the
    # current version of your application, you should pass the real
    # application path instead of the path to the symlink to PHP
    # FPM.
    # Otherwise, PHP's OPcache may not properly detect changes to
    # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
    # for more information).
    fastcgi_param  SCRIPT_FILENAME  $realpath_root$fastcgi_script_name;
    fastcgi_param DOCUMENT_ROOT $realpath_root;
}

Comment out the line - add_header 'Access-Control-Allow-Origin' '*'; This will not add the additional 'Access-Control-Allow-Origin' header to the response header

armourjami avatar Jun 21 '17 11:06 armourjami
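The duplicate header described in the comments above (one `Access-Control-Allow-Origin` added by the web server, another by the bundle) can be confirmed from the raw response headers. The following is an added example, not code from this thread or from NelmioCorsBundle; the function name `auditAllowOrigin`, the finding labels and the sample headers are constructed for illustration, and it assumes a request sent without credentials.

```javascript
// Added example: audit the Access-Control-Allow-Origin (ACAO) header(s) of one response.
// `rawHeaders` is a flat [name, value, name, value, ...] array, the shape of Node's
// http.IncomingMessage#rawHeaders, which preserves repeated header lines.
function auditAllowOrigin(rawHeaders, requestOrigin) {
  const lines = [];
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    if (rawHeaders[i].toLowerCase() === 'access-control-allow-origin') {
      lines.push(rawHeaders[i + 1].trim());
    }
  }
  // Repeated header lines are combined with ", " before the CORS check,
  // which is why the browser error shows '*, http://localhost'.
  const combined = lines.join(', ');
  const values = combined.split(',').map((v) => v.trim()).filter(Boolean);

  // Assumption: non-credentialed request, so a lone '*' is acceptable.
  const browserAccepts =
    values.length === 1 && (values[0] === '*' || values[0] === requestOrigin);

  const findings = [];
  if (lines.length === 0) findings.push('missing');
  if (lines.length > 1) findings.push('duplicate-header-lines'); // two layers each set it
  if (values.length > 1) findings.push('multiple-values');
  if (values.length > 1 && values.includes('*')) findings.push('wildcard-mixed-with-origin');
  if (values.length === 1 && !browserAccepts) findings.push('origin-mismatch');

  return { lines, combined, values, findings, browserAccepts };
}

// Constructed sample reproducing the header combination from the issue title.
const SAMPLE_RAW_HEADERS = [
  'Content-Type', 'application/json',
  'Access-Control-Allow-Origin', '*',                // e.g. from a web server add_header rule
  'Access-Control-Allow-Origin', 'http://localhost', // e.g. from the application layer
];

const report = auditAllowOrigin(SAMPLE_RAW_HEADERS, 'http://localhost');
console.log(report.combined, report.findings, report.browserAccepts);
```

A `duplicate-header-lines` finding points to two layers each setting the header; `multiple-values` without it means a single layer emitted a comma-separated list.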

@armourjami but does Symfony have a boilerplate nginx conf file? If so... where? Also, I was in prod env when this happened to me. After I downgraded the nelmio bundle I got rid of the problem.

toriqo avatar Jun 29 '17 09:06 toriqo

Same problem here. If I disable the whole Nelmio bundle both headers disappear

11mb avatar May 21 '18 17:05 11mb