-1

What can be reason I got CORS error but it was actually NOT a CORS error? Please refer to the following pictures to see what I mean:

The console output the error that the request has been blocked by CORS policy:No 'Access-Control-Allow-Origin' header is present on the requested resource.

CORS error

BUT actually that was not the case. The 'Access-Control-Allow-Origin' header is in response header.

CORS

This is because the php code writes, $response->header('Access-Control-Allow-Origin', $request->server('HTTP_ORIGIN')); which is basically the same as Access-Control-Allow-Origin:*

But for that error request, the response is, i.e. no response.

CORS error2

The reason is actually the php process was hang by PHP Fatal error: Allowed memory exhausted

PHP Fatal error

I had assumed in this case I would got a 504 Gateway timeout, i.e. no response from upstream. But why did console output CORS error instead?

Qiulang
  • 10,295
  • 11
  • 80
  • 129

1 Answers1

2

You are looking into successful response from server that do contains correct CORS header.

Check headers of failed request. Since it's internal PHP error (reached memory limit) your code that adds CORS is never reached.

So in the end:

  1. Server fails to add CORS headers on 5XX error
  2. Browser blocks response processing because of missing CORS
Justinas
  • 41,402
  • 5
  • 66
  • 96
  • Thanks. So I should just add `add_header 'Access-Control-Allow-Origin' "$http_origin";` in my nginx.conf instead doing that in my php codes, right? – Qiulang Apr 29 '22 at 09:09
  • Yes, if you allow any origin. If it's pre-defined list of origins, then you must rely on other ways – Justinas Apr 29 '22 at 09:15