-2

I have create a REST API using PHP Lumen framework to which I removed all CORS restriction for development using:

// Enable CORS on all API routes
header('Access-Control-Allow-Origin: *');
header("Access-Control-Expose-Headers: Content-Length, X-JSON");
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Authorization, Lang, Content-Type, X-Auth-Token');

Then on the frontend I use the library superagent to call it . For example I call the route POST http://127.0.0.1:8000/auth/register:

superagent.post('http://127.0.0.1:8000/auth/register').send({
  name: 'name',
  email: 'test@test.test',
  password: '1234Test'
}).type('application/json')
  .end((err, res) => {
    console.log(res)
    console.log(err)
  })

Sadly I get a CORS error message that I can't understand:

Access to XMLHttpRequest at 'http://127.0.0.1:8000/auth/register' from origin 'http://localhost:9000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

I make some research but I can't find anything for the error It does not have HTTP ok status and testing this same request on Postman give me no error but the normal behaviour.

Have someone an idea how I can solve it? Where I can find some documentation about this type of error?

johannchopin
  • 13,720
  • 10
  • 55
  • 101
  • 1
    `OPTIONS` request is not returning `200 OK`. – m1k1o Mar 22 '20 at 12:18
  • @M1K1O Oh thanks any idea how I can fix that ? It's on the server side right? It's something with PHP in general or it come from Lumen framework? – johannchopin Mar 22 '20 at 12:58
  • @johannchopin — Start by looking at what response it gets, then you can start to figure out why. – Quentin Mar 24 '20 at 12:10
  • @Quentin `It does not have HTTP ok status` ok but I never come across this type of error and on Postman I don't get this error but the normal behaviour of my request. I just want to understand it. How do I return a `200 OK`? I really don't know where to start please. – johannchopin Mar 24 '20 at 12:14
  • @johannchopin — You've already said that it isn't OK. If it isn't OK then it has to be something else. Look at what that is. Then you can start to figure out why. – Quentin Mar 24 '20 at 12:21
  • @Quentin Here is another problem. If I go in the devtool in section `Network` I see my request failed but there is no response that I can read it's written `Failed to load response data` – johannchopin Mar 24 '20 at 12:31
  • would you be able to show the code of the /auth/register – Bharat D Bhadresha Mar 24 '20 at 12:31
  • @BharatDBhadresha This route is not protected by an `auth` so problem come not from here. :/ – johannchopin Mar 24 '20 at 12:36
  • 2
    @johannchopin You are sure that the problem is not there, but sometimes the minions who complete your code at night when you are asleep would make some mistakes. So please provide us with the specific code and also a screenshot of the network+console with error. We can only help if we know what is going on in the code. – Bharat D Bhadresha Mar 24 '20 at 12:44

1 Answers1

3

I'm quite curious why you're setting the headers "manually" on your own rather than using some existing and proven CORS-Middlwares which will do all the magic for you. I would avoid reinventing the wheel unless you need it for study-cases.

Here is a duplicate on stackoverflow:

Enable CORS in lumen

Here is the official documentation about lumen middlewares:

https://lumen.laravel.com/docs/7.x/middleware

Here are some well structured and known middlewares which will do the job for you:

Christoph Kluge
  • 1,947
  • 8
  • 23
  • 1
    Oh waow man thanks for your research I don't understand why I missed this SO response. I validated your answer and upvoted it. But if I give you the bounty, would you be kind enough to give it to this answer https://stackoverflow.com/a/49832833/8583669 ? It's up to you to do it, but I'll be very grateful and you will earn the `Altruist` badge ;) – johannchopin Mar 24 '20 at 16:54
  • 1
    @johannchopin fair enough, glad I was able to help. I was thinking today about getting the badge and was looking for questions. This seems the perfect moment for it. – Christoph Kluge Mar 24 '20 at 17:07
  • 1
    By the way: What do you think about the `Peer Pressure` badge? Since your question is a "duplicate" I will down vote it (to -3 downvotes) before you may delete it to earn it. As soon as I will receive the bounty I will proxy to the linked question. – Christoph Kluge Mar 24 '20 at 17:12
  • Ok let's do it in 18h ;) – johannchopin Mar 24 '20 at 18:44
  • I'm not sure if I will be online in 18h. Anyway I started the bounty already, independently if you reward me or delete your question here ;) – Christoph Kluge Mar 25 '20 at 08:00
  • @johannchopin but before you delete your question I would be happy to receive the bounty unless you changed your mind ;) – Christoph Kluge Mar 25 '20 at 17:58