This API built with Symfony API-Platform is throwing a strange CORS error ( aren't they all? :)).
The front-end is a Nextjs app that I have currently at Heroku at https://milesofwork-client.herokuapp.com/.
I can access the API without errors from my location ( France ), but when an user attempts to do it from Canada ( we simulated from elsewhere with the same issue ), it will throw CORS error as below:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.magnaid.com/api/graphql. (Reason: CORS request did not succeed).
I am kind of used to CORS either working or not, but never heard of it not working depending on location.
Additionally, the preflight graphql request seems to work fine - even outside France - but the actual request fails.
This is the preflight request/response - accessing from Canada with TunnelBear.Note that the Headers are sent just fine.
And this is the actual request that throws the error:
On .htaccess I have the following concerning CORS ( I know I should not use allow-origin *, but the important thing at this stage is to get it working )
Header add Access-Control-Allow-Origin "*" Header add Access-Control-Allow-Headers "content-type, authorization" Header add Access-Control-Allow-Methods "GET, OPTIONS, POST, PUT, PATCH, DELETE" Header add Access-Control-Max-Age "3600"