I've an AngularJs form to send a file. When I send the file, the browser performs these requests:
OPTIONS http://localhost:3000/uploads
General
Request URL:http://localhost:8000/uploads
Request Method:OPTIONS
Status Code:200 OK
Remote Address:127.0.0.1:8000
Response Headers
view source
Accept:*/*
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:http://localhost:3000
Access-Control-Max-Age:1728000
Connection:keep-alive
Content-Length:0
Content-Length:0
Content-Type:text/plain charset=UTF-8
Content-Type:application/octet-stream
Date:Wed, 04 Jan 2017 10:59:49 GMT
Server:nginx/1.9.14
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Access-Control-Request-Headers:authorization
Access-Control-Request-Method:POST
Connection:keep-alive
Host:localhost:8000
Origin:http://localhost:3000
Referer:http://localhost:3000/stocksellout/detail/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
GET http://localhost:3000/uploads
Request Headers
Request URL:http://localhost:8000/uploads
Request Method:GET
Status Code:301 Moved Permanently
Remote Address:127.0.0.1:8000
Response Headers
view source
Accept:*/*
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:http://localhost:3000
Connection:keep-alive
Content-Length:185
Content-Type:text/html
Date:Wed, 04 Jan 2017 10:59:49 GMT
Location:http://localhost/uploads/
Server:nginx/1.9.14
Request Headers
view source
Accept:*/*; q=0.5; application/json
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Authorization:Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJ1c2VybmFtZSI6Im1hZG8iLCJpYXQiOiIxNDgzNTE5NjE2In0.PDcaO8bbX0_OFOhHHJEmao7ZL2d1piLKymVTC_NQNd37kWjZ2F0BZa7-lrbowApfkkbi-nRzPJAoWinEmxnrstJhvN1J59EvbyBuAXNCFdbP08g_8gUS8xPZML3wZW7HieUBwkmSERXpfo08SAzMiQL44j3vtPDLq9US1NBKJQa206YsPX4lWR_rRGxx34tTj_sKf5DSymrTr4ysNRWBuEHRCrvpbclk43kZTH1AgpZHC20nWdAr20uI5BKNNaoPo93wvyYsHx7ufu4zN7bDWfvbm6s_V6rVq0SGDlfzaBLGs1vyEieHOfwNb3gW_xRSYsjFSonvY0-ydWLn5Rzd-HgWMyTVCsD8T4O8esRJWI9hDfLGkzlp2E6RLNp4qn7DpQxQOp0uEq9xL51SaAQClhwlcu0y-ehvdARYPp745vuHxG-2JJOk6OpMF6Na7FTrWuG5nAtseAA-X7wj7julT8-2NxfZQABNMJ01qvNwaAgBCtncFJgxfAzQB33kbN4hSCJ231sfQXAXU164H3fBITM1NP6b37RGrouF8D5RlgW1ErZbVkNN35a8eCKnXbbz9Sb009wEGltLvo9PHs-BxDP2L3bUzmbAYuqSpXogFmCGXF_FMM5mSidyZ_G-xKzdPoTm5NYLypXasZLG_ewzjxA4XOV5AUTjeM5hS0_xpPY
Connection:keep-alive
Content-Length:173290
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryQp4O7XmLdhbDlNMv
Cookie:selectedTheme=default; io=Scufsf96pJqb8wa7AAAE
Host:localhost:8000
Origin:http://localhost:3000
Referer:http://localhost:3000/stocksellout/detail/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
POST http://localhost:8000/uploads
Request headers
Request URL:http://localhost:8000/uploads
Request Method:POST
Status Code:301 Moved Permanently
Remote Address:127.0.0.1:8000
Response Headers
view source
Accept:*/*
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address
Access-Control-Allow-Methods:GET, POST, OPTIONS
Access-Control-Allow-Origin:http://localhost:3000
Connection:keep-alive
Content-Length:185
Content-Type:text/html
Date:Wed, 04 Jan 2017 10:59:49 GMT
Location:http://localhost/uploads/
Server:nginx/1.9.14
Request Headers
view source
Accept:*/*; q=0.5; application/json
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8
Authorization:Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJ1c2VybmFtZSI6Im1hZG8iLCJpYXQiOiIxNDgzNTE5NjE2In0.PDcaO8bbX0_OFOhHHJEmao7ZL2d1piLKymVTC_NQNd37kWjZ2F0BZa7-lrbowApfkkbi-nRzPJAoWinEmxnrstJhvN1J59EvbyBuAXNCFdbP08g_8gUS8xPZML3wZW7HieUBwkmSERXpfo08SAzMiQL44j3vtPDLq9US1NBKJQa206YsPX4lWR_rRGxx34tTj_sKf5DSymrTr4ysNRWBuEHRCrvpbclk43kZTH1AgpZHC20nWdAr20uI5BKNNaoPo93wvyYsHx7ufu4zN7bDWfvbm6s_V6rVq0SGDlfzaBLGs1vyEieHOfwNb3gW_xRSYsjFSonvY0-ydWLn5Rzd-HgWMyTVCsD8T4O8esRJWI9hDfLGkzlp2E6RLNp4qn7DpQxQOp0uEq9xL51SaAQClhwlcu0y-ehvdARYPp745vuHxG-2JJOk6OpMF6Na7FTrWuG5nAtseAA-X7wj7julT8-2NxfZQABNMJ01qvNwaAgBCtncFJgxfAzQB33kbN4hSCJ231sfQXAXU164H3fBITM1NP6b37RGrouF8D5RlgW1ErZbVkNN35a8eCKnXbbz9Sb009wEGltLvo9PHs-BxDP2L3bUzmbAYuqSpXogFmCGXF_FMM5mSidyZ_G-xKzdPoTm5NYLypXasZLG_ewzjxA4XOV5AUTjeM5hS0_xpPY
Connection:keep-alive
Content-Length:173290
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryQp4O7XmLdhbDlNMv
Cookie:selectedTheme=default; io=Scufsf96pJqb8wa7AAAE
Host:localhost:8000
Origin:http://localhost:3000
Referer:http://localhost:3000/stocksellout/detail/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
Request Payload
------WebKitFormBoundaryQp4O7XmLdhbDlNMv
Content-Disposition: form-data; name="importFiles"; filename="Clio.jpeg"
Content-Type: image/jpeg
------WebKitFormBoundaryQp4O7XmLdhbDlNMv--
I've also configured my Nginx with:
location /uploads {
if ($request_method = 'OPTIONS') {
add_header 'Accept' '*/*';
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 200;
}
if ($request_method = 'POST') {
add_header 'Accept' '*/*';
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address';
}
if ($request_method = 'GET') {
add_header 'Accept' '*/*';
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept,Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Request URL,Request Method,Status Code,Remote Address';
}
}
I always get same error:
XMLHttpRequest cannot load http://localhost:8000/uploads. Redirect from 'http://localhost:8000/uploads' to 'http://localhost/uploads/' has been blocked by CORS policy: Request requires preflight, which is disallowed to follow cross-origin redirect.
I've NelmioCorsBundle:
270 nelmio_cors:
1 defaults:
2 allow_credentials: false
3 allow_origin: []
4 allow_headers: []
5 allow_methods: []
6 expose_headers: []
7 max_age: 0
8 hosts: []
9 origin_regex: false
10 paths:
11 '^/':
12 allow_origin: ['*']
13 allow_headers: ['*']
14 allow_methods: ['POST', 'PUT', 'PATCH', 'GET', 'DELETE', 'OPTIONS', 'LINK', 'UNLINK']
15 max_age: 3600
Can someone explain me what's wrong? Why I cannot upload files? What's wrong in my configuration?