jxxcarlson

Reputation: 333

CORS error requesting php file on NGINX

I am making a POST request to NGINX but getting a CORS error:

Failed to load https://knode.work/save.php: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.knode.io' is therefore not allowed access.

On NGINX I have this in /etc/nginx/sites-available/default:

location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    try_files $uri $uri/ =404;

    add_header "Access-Control-Allow-Origin" *;
}

location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;

    add_header "Access-Control-Allow-Origin" *;
}

MORE INFO:

  1. I've updated the NGINX configuration file. Please see the Gist at https://gist.github.com/jxxcarlson/c17f9d89e06f5804170a0e44236b9d9a

  2. NGINX is not sending back the Access-Control-Allow-Origin header: http://noteimages.s3.amazonaws.com/uploads/Screenshot%202018-08-13%2008.38.52.png

Upvotes: 2

Views: 3060

Answers (1)

jxxcarlson

Reputation: 333

It turns out that one needs to install nginx-extras:

apt-get install nginx-extras

then configure /etc/nginx/sites-enabled/default using more_set_headers instead of add_headers, as in the listing below. With these changes, there are no CORS errors.

location ~ \.php$ {

    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;

    if ($request_method = 'OPTIONS') {
        more_set_headers 'Access-Control-Allow-Origin: $http_origin';
        more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD';
        more_set_headers 'Access-Control-Max-Age: 1728000';
        more_set_headers 'Access-Control-Allow-Credentials: true';
        more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization';
        more_set_headers 'Content-Type: text/plain; charset=UTF-8';
        more_set_headers 'Content-Length: 0';
        return 204;
    }

    location ~ /\.ht {
        deny all;
    }

}

Upvotes: 1
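
The preflight block in the answer echoes whatever Origin the browser sends (`$http_origin`) together with `Access-Control-Allow-Credentials: true`, so every site is granted credentialed cross-origin access. The configuration below is an added example, not the poster's own: it keeps the same `more_set_headers` approach but echoes the origin only when it matches an allowlist. The variable names `$cors_origin` and `$cors_credentials` are made up for this example, `https://www.knode.io` is the origin from the error message in the question, and it is assumed that `save.php` sets no CORS headers itself.

```nginx
# Added example. The two map blocks belong in the http {} context, e.g. at
# the top of /etc/nginx/sites-available/default, outside server {}.

# $cors_origin is empty unless Origin exactly matches an allowlisted entry.
map $http_origin $cors_origin {
    default                 "";
    "https://www.knode.io"  $http_origin;
}

# Only advertise credential support to allowlisted origins.
map $cors_origin $cors_credentials {
    default  "true";
    ""       "";
}

# Inside the existing server {} block:
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;

    # Actual (non-preflight) responses. headers-more treats an empty value
    # as "clear this header", so unlisted origins get no CORS headers.
    more_set_headers 'Access-Control-Allow-Origin: $cors_origin';
    more_set_headers 'Access-Control-Allow-Credentials: $cors_credentials';

    if ($request_method = 'OPTIONS') {
        # Preflight: same headers as in the answer, with the reflected
        # origin replaced by the allowlisted value.
        more_set_headers 'Access-Control-Allow-Origin: $cors_origin';
        more_set_headers 'Access-Control-Allow-Credentials: $cors_credentials';
        more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD';
        more_set_headers 'Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization';
        more_set_headers 'Access-Control-Max-Age: 1728000';
        # The response differs per Origin, so caches must key on it.
        more_set_headers 'Vary: Origin';
        more_set_headers 'Content-Type: text/plain; charset=UTF-8';
        more_set_headers 'Content-Length: 0';
        return 204;
    }
}
```

After `nginx -t` and a reload, a preflight sent with an unlisted `Origin` should come back without any `Access-Control-Allow-Origin` header, while one sent with `Origin: https://www.knode.io` should echo that value.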
