What can be reason I got CORS error but it was actually NOT a CORS error? Please refer to the following pictures to see what I mean:
The console output the error that the request has been blocked by CORS policy:No 'Access-Control-Allow-Origin' header is present on the requested resource.
BUT actually that was not the case. The 'Access-Control-Allow-Origin' header is in response header.
This is because the php code writes,
$response->header('Access-Control-Allow-Origin', $request->server('HTTP_ORIGIN'));
which is basically the same as Access-Control-Allow-Origin:*
But for that error request, the response is, i.e. no response.
The reason is actually the php process was hang by PHP Fatal error: Allowed memory exhausted
I had assumed in this case I would got a 504 Gateway timeout, i.e. no response from upstream. But why did console output CORS error instead?
You are looking into successful response from server that do contains correct CORS header.
Check headers of failed request. Since it's internal PHP error (reached memory limit) your code that adds CORS is never reached.
So in the end: