CORS issue after server migration

[benhartwich]

How Shlink is set-up

• Shlink Version: 2.8.1
• PHP Version: 7.4.23
• How do you serve Shlink: Self-hosted nginx
• Database engine used: MariaDB (10.5.12)

Summary

My self hosted shlink web can´t connect to my self shlink server - I justed moved the service from one server so another und updated to the latest version. It seems to be a CORS issue, but CORS is enabled at the server:

Access to XMLHttpRequest at 'https://lifr.at/rest/v2/health' from origin 'https://app.lifr.at' has been blocked by CORS policy: Request header field x-api-key is not allowed by Access-Control-Allow-Headers in preflight response

I don´t know what´s wrong as it worked on the other server with nginx, same distro und php version. My nginx conf:

`server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name lifr.at www.lifr.at;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
ssl_certificate /etc/letsencrypt/live/lifr.at/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lifr.at/privkey.pem;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header 'Access-Control-Allow-Origin' * always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;
root /srv/customers/liferadio/websites/shortener/htdocs/shlink/public;
index index.html index.php;
#include static.conf;
charset utf-8;

    location / {
            try_files $uri $uri/ /index.php$is_args$args;
    }

    rewrite ^/(vendor|translations|build)/.* /index.php break;

    location ~ \.php$ {
            include /etc/nginx/fastcgi_params;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/var/run/php/php7.4-fpm-www-liferadio.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PHP_VALUE "display_errors=on";
    }

    location ~ /\.ht {
            deny all;
    }

}
`

[acelaya]

It's hard to tell. I have never tried serving via http2. Not sure if it's somewhat related.

Also, Shlink will add all the CORS headers automatically. Maybe try removing them from nginx config?

[benhartwich]

I´ve disabled http2 and removed cors header, but doesn´t seem to be related. Worked before with http2. It seems that also the server doesn´t redirect anymore. I´ve tested a few known redirects but nothing happens. Very strange.

[benhartwich]

OK, it works with php8.0 instead of php7.4.

[acelaya]

I didn't notice that.

Yeah, Shlink 2.8 no longer supports PHP 7.4