-1

This cors issue will be the death of me. Anyways I am trying to trouble shoot why the spatie/cors package works locally but does not in production. If anybody has experience with this I would appreciate the help!! I am trying to access my backend but getting an alarm saying

my url has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request
apokryfos
  • 38,771
  • 9
  • 70
  • 114
TJ Weems
  • 1,086
  • 3
  • 21
  • 37
  • Do you have something like a HTTP --> HTTPS redirect in place, perhaps? – ceejayoz Dec 21 '18 at 17:11
  • to be honest I am not sure. The certificate was generated using `LetsEncrypt` and it didn't give me any details of the certificate. – TJ Weems Dec 21 '18 at 17:24
  • The issue wouldn't be with the certificate, or Let's Encrypt. It'd be your webserver config or application trying to redirect requests from HTTP to HTTPS. Take a look at the network panel in your browser's developer tools - I suspect you'll see the `OPTIONS` request in there getting a 301/302 response. – ceejayoz Dec 21 '18 at 17:26
  • I am not getting anything in my network tab of my console. when I refresh it just shows the resources loaded. – TJ Weems Dec 21 '18 at 17:37
  • If the console is showing a failed request, there should be *something* in the network tab that corresponds. Perhaps you can share the URL? – ceejayoz Dec 21 '18 at 17:38
  • @ceejayoz, aewcpa.traxit.io – TJ Weems Dec 21 '18 at 18:09
  • @TJWeems try to insert into your main app HTML header with this `` – JsWizard Dec 22 '18 at 17:19
  • @Magnetic do you mean on my front end app that is making the requests? Should I include it in my axios header as well? – TJ Weems Dec 22 '18 at 18:08
  • @TJWeems, yes try it if you use Laravel backend. You could success in local, but you shouldn't in production, because that is different browser. Please learn with this link firstly, https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS and check your correct reference back-end link in front-end, also check this link https://github.com/spatie/laravel-cors if you didn't added it. Good luck~:) – JsWizard Dec 22 '18 at 23:07

1 Answers1

1

Your URL https://aewcpa.traxit.pro/api/account is returning a 301 redirect to https://traxit.pro/api/account for the CORS OPTIONS request, which is causing this issue.

You can see this in action in your browser's network console, or with cURL:

enter image description here

curl -I 'https://aewcpa.traxit.pro/api/account' -X OPTIONS -H 'Access-Control-Request-Method: GET' -H 'Referer: https://aewcpa.traxit.io/login' -H 'Origin: https://aewcpa.traxit.io'

HTTP/2 301 
server: nginx/1.15.6
date: Fri, 21 Dec 2018 18:14:36 GMT
content-type: text/html
content-length: 169
location: https://traxit.pro/api/account
ceejayoz
  • 176,543
  • 40
  • 303
  • 368
  • so is the a configuration issue on my nginx server or the code of my project? Im sorry I am just don't have much experience with network issues – TJ Weems Dec 21 '18 at 18:16
  • The redirect's HTML returned by `https://aewcpa.traxit.pro/api/account` does look like it's nginx doing the redirect to me. Laravel's redirects look different. – ceejayoz Dec 21 '18 at 18:18
  • okay, well I am using forge to host the site which is actually using digital ocean. are there options in digital ocean for nginx server to handle such requests? – TJ Weems Dec 21 '18 at 18:30
  • I'm not enormously familiar with Forge, but my understanding is it configures things like nginx for you. I'd suspect something's going on where it's configured to canonicalize your URLs based on the value of `APP_URL`. – ceejayoz Dec 21 '18 at 18:35
  • Yeah I don't know. I just don't understand why it would work in my local enviroment and not in production. I have tried explicitly placing the url in my access origin with no change. – TJ Weems Dec 21 '18 at 20:21
  • I added `*.myurl.com` to the nginx config file located in laravel forge which solved the 301 moved permantly issue. Now I am trying to figure out 405 alarm lol – TJ Weems Dec 24 '18 at 02:01