I am trying to figure out what is happening with a long standing function that is now encountering a CORS error: "Access to XMLHttpRequest at ‘http://apiserver/api/restaurants/’ from origin ‘http://frontendserver’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: Redirect is not allowed for a preflight request."
There are no other CORS errors appearing on the site. Anytime we’ve encountered CORS errors in the past it’s been due to a 500 error on the server that was resolved and then the CORS errors went away. This was one of the first functions we created and has had no recent changes, and still works locally.
I’ve done the following requester->server pairings:
- Online Front-End server -> online api server (Fails with CORS Error)
- Local FE server -> online api server (Fails with CORS Error)
- Local FE server -> local api server (Success, suggests no issue with code?)
- Postman request with same data/bearer token -> online api server (Success! But why?)
That last one is what confuses me most. I’ve been flip flopping between ‘There must be a code error, otherwise there would be CORS issues in other functions’ and ‘There must be a genuine CORS issue of some type going on, otherwise the Postman wouldn’t be able to reach the function’.
Our api server is running Apache/2.4.41 (Ubuntu) and Laravel 7. The laravel CORS config file should be set up correctly, ‘paths’ => [‘api/*’], *’s everywhere else that’s relevant.
I am at a loss as to where to go next. Any suggestions would be greatly appreciated.