Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request in firefox returns access-control-allow-origin: null #135

Open
ghost opened this issue Oct 16, 2019 · 3 comments
Open

Request in firefox returns access-control-allow-origin: null #135

ghost opened this issue Oct 16, 2019 · 3 comments

Comments

@ghost
Copy link

ghost commented Oct 16, 2019
edited by ghost

I've got a pretty much default setup.

nelmio_cors:
    defaults:
        origin_regex: true
        allow_origin: ['https://localhost:8080']
        allow_methods: ['OPTIONS', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE']
        allow_headers: ['Content-Type', 'Authorization']
        expose_headers: ['Link']
        max_age: 3600
    paths:
        '^/': ~

When i make a request from Chrome, the headers are set as expected:

access-control-allow-headers: content-type, authorization
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-origin: https://localhost:8080
access-control-max-age: 3600

But when I make the exact same request from Firefox, the following headers are return:

access-control-allow-headers: content-type, authorization
access-control-allow-methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
access-control-allow-origin: null
access-control-max-age: 3600

How can the result for allow-origin be null in this case?

FYI, the request headers from FF look like this:

Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://127.0.0.1:8080
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
@nehmalho
Copy link

hi facing same issue in FF, chrome and edge header appending properly. Any reason why access-control-allow-origin is null in Firefox and change to do.

@botjaeger
Copy link

Encountered this same exact issue now.

@Seldaek
Copy link
Member

Seldaek commented Feb 15, 2023

You mentioned the request header on Firefox is Origin: https://127.0.0.1:8080 - what is Chrome sending as Origin header? I imagine this might be the issue.. as your allow_origin is https://localhost:8080 it may not match it if firefox sends the IP. So in development if you don't use a hostname I'd suggest adding both the local IP and localhost to the allow_origin array.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Seldaek @botjaeger @nehmalho