I have a laravel app which is running behind nginx proxy manager. The laravel app is running inside a docker container and nuxt frontend is also running inside another docker container. Laravel is using fortify, sanctum packages for authentication and session validation.
The issue is that when i try to login using a fake user. then all preflight request, get request works perfectly fine. but when i try to make a post request for login, then it seems to work perfectly fine. as response status is 200 as in header. but says that Access Control Allow Origin header is missing, which causes no response to show up.
what i am missing. where is the issue? this seems to be a common problem.
methods to reproduce.
- try to login with any email id & password, which ideally should throw 422 error along with validation error messages. but instead comes 200 with no script/ cors error
I have already tried.
- i added following in my laravel nginx deployment configuration which seems to solve post problem but then when user details is fetched using
/api/user(default sanctum user). then 401 issue comes. this doesn't seem to be a valid answer. (
location / {
try_files $uri $uri/ /index.php?$query_string;
if ( $request_method = POST ) {
add_header 'Access-Control-Allow-Origin' 'https://codalay.in';
add_header 'Access-Control-Allow-Credentials' 'true';
}
}
- another way i tried is i added following code in api.codalay.in's reverse proxy nginx configuration . then cors error changes
# custom headers required for cors issues for laravel.
add_header Access-Control-Allow-Origin origin;
add_header Access-Control-Max-Age 3600;
add_header Access-Control-Expose-Headers Content-Length;
add_header Access-Control-Allow-Headers Range;
and throws
Reason: CORS header 'Access-Control-Allow-Origin' does not match 'https://codalay.in'
I am trying to fix this issue from 10 days. please help
