Search code examples
javascriptvue.jsaxioscorsddev

OPTIONS Request made to domain root (/) on ddev nginx throws a 405 - We see access.log but the request is not forwarded to index.php

Edit

Corrected a couple of assumptions with more testing (and altered title to reflect). The issue seems to be specific to the nginx config on DDev, with the server not correctly passing "OPTIONS / HTTP/1.1" requests to the web root (despite all pathing and postman requests working fine).

further edit

Refined question to best be found for those with the same issue.

Q: Whats happening?

Requests OPTIONS made from a JavaScript frontend, using Axios, to the root level domain (e.g. https://domain.ddev.site) fail with a CORS 405 OPTIONS not allowed error, despite all OPTIONS requests to paths working fine.

Q: You can't be allowing the OPTIONS request then

That's just it, I am. All pathed requests work fine (i.e. https://domain.ddev.site/path). When making a request to the domain root, Axios throws the 405 for options but the request never reaches the index.php file. We see the access request in the nginx access.log

Q: Any other info?

Axios version: "axios": "^0.21.1",

  • We're stuck with Node 16 for now (no, thats not going to change).
  • Testing with ddev and Xdebug to watch the requests
  • Nothing in logs
  • Console throws CORS:

Access to XMLHttpRequest at 'https://domain.ddev.site/' from origin 'http://domain.ddev.site:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

  • Appears to maybe be an nginx issue.
Solution

  • The issue it turns out is specific to the nginx configuration being used with DDev.

    the inclution of the $uri/ element in the location try_files configuration results in a failier to correctly route OPTIONS requests made to the base domain onwards to the application.

    As it turns out, $uri/ is in general not required for most modern web applications due to the almost ubiquitous use of a single exposed index file to handle all requests made to an application. As such, it can be safely removed, resolving the issue.

    See Discussion here: https://github.com/serversideup/docker-php/issues/89

    The specific fix is simple.

    In the .ddev/nginx_full/nginx-site.conf file change:

    location / {
    absolute_redirect off;
    try_files $uri $uri/ /index.php?$query_string;
}

    to

    location / {
    absolute_redirect off;
    try_files $uri /index.php?$query_string;
}

    You will also need to remove the ##ddev generated comment at the top of the file to prevent the file being overwritten again.

    Then restart ddev

    ddev restart

    and that should solve the issue.