I'm running tests on a server using NGINX and PHP to run back-end services and I have a CORS problem
I have the following settings in nginx.conf:
#user nobody;
worker_processes 1;
# error_log /logs/error.log;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
# Format access.log
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
# Enable logs in access.log
access_log logs/access.log main;
# Enable error logs global
error_log logs/error.log info;
error_log logs/error.log notice;
error_log logs/error.log warn;
error_log logs/error.log error;
error_log logs/error.log alert;
error_log logs/error.log emerg;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
gzip on;
# Register logs in http
access_log logs/access.log main;
listen 80;
server_name localhost;
root C:\Users\Administrator\Desktop\proyecto\grownet\backend\public;
index index.php index.html index.htm;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
# CORS in C:\nginx\conf\snippets\cors_config.conf
include 'snippets/cors_configs.conf';
fastcgi_pass 127.0.0.1:9123;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
New changes
And here is the CORS setting
add_header 'Access-Control-Allow-Origin' '$http_origin' always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization, X-Requested-With';
It's not currently located in the 'snippets/cors_configs.conf' file, add the settings within nginx.conf exactly in 'location ~ .php${....}'
Now when running the service, I get new following error:
Access to XMLHttpRequest at 'http://example/api/categories/all' from origin 'http://localhost:3000' has been blocked by CORS >policy:Response to preflight request doesn't pass access control >check: The 'Access-Control-Allow-Origin' header contains multiple >values '*, http://localhost:3000', but only one is allowed.
Now I have a new error, I'm very confused as to why the source of that error. is it some problem on the frontend side or the person testing on my server has old headers that for that reason skipped those errors?
It's important to note that the problem isn't with the php code, since I have the same environment but in Apache server, with CORS configuration enabled so it has no blocks and it's fine. How can I set it up in nginx?
What do I have to do to avoid having multiple Access-Control-Allow-Origin problem?