Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
So I have project using the spatie/cors package, and on my local machine it works fine, but on my production server any request I make by api returns a 301 alarm, and this message
has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
The application is actually hosted by Digital Ocean, and I am wondering if anybody has had any issues with this set up on nginx server, and what I should do about it?
DId you use the correct domain names in the allow_origins configuration?
It also seems that you return a redirect to your api endpoint which is not from the same host. Whenever that happens you get this error message. For more information see: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSExternalRedirectNotAllowed
@BOBBYBOUWMANN - thanks for help! My issue actually ended up being with nginx config file on laravel forge. I was getting a 301 permanently moved alarm because the server was only set up to listen for requests to my main domain myurl.com. once I added *.myurl.com for wildcard subdomains it resolved my issue.
Glad to you hear you fixed it! This is definitely something I had in the beginning with Forge as well :)
Please or to participate in this conversation.