I'm a bit new to PHP, so apologies if the question is a bit birdbrained.
I'm setting up a server environment for an application. It's working fine locally, but the browser continues to throw the following CORS error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [[route URL]]. (Reason: CORS preflight response did not succeed). Status code: 500.
This is on Firefox and the preflight is an OPTIONS request. It seems to me the server's actual problem is with it being an OPTIONS request, rather than CORS? However I can't quite investigate it because the error is bypassing all my attempts at logging a stacktrace. Tried creating a global middleware which didn't work. Also tried to include an error_log in the report and render methods in the Handler.php file to no avail. In all the attempts, the logging doesn't happen at all.
How else can I try to intercept the error?
First off: Make sure the remote resource is accessible through Firefox (using GET) without throwing a certificate warning or any other error.
If the server is running an Apache web server and you want to allow CORS but prevent OPTIONS requests from reaching your app, you can use the following .htaccess contents:
The first block allows cross-origin resource sharing for POST, GET and OPTIONS request, the second block redirects all OPTIONS requests to a non-existent file and always returns a 204 with no content.
If you need to troubleshoot further, I'd suggest to use a tool like Postman to manually send OPTIONS requests and evaluate headers and contents returned.