symfony2 REST, AngularJs access-Control-Allow-Origin

I had a similar problem with NelmioCorsBundle, I solved with this settings:

nelmio_cors:    paths:        '^/api/':            allow_origin: ['*']            allow_headers: ['*']            allow_methods: ['POST', 'PUT', 'GET', 'DELETE','OPTIONS']            max_age: 3600

if you are using chrome you should better get your mind of it working on a localhost ip. a common approach is to reverse proxy localhost into a custom local domain like your-domain.com (for this you would have to use a web server like apache or nginx), reverse proxy all connections to your 127.0.0.1:9000 ip, have an alias in /etc/hosts for 127.0.1.1 your-domain.com and just read the symfony documentation for adding custom headers to your ajax request. i am assuming here you have your ajax routes connected to a controller, a common example would be returning an array of headers as the third parameter

return new Response($json, 201, array('Access-Control-Allow-Origin' => '*', 'Content-Type' => 'application/json'));

i wouldn't complicate myself much and use 3rd party plugins that i have no control of. hope this helps, it's documented in the symfony cookbook (http://symfony.com/doc/current/book/http_fundamentals.html)

allow_headers: '*' solved my issue:

nelmio_cors:    paths:        '^/api/':            ...            allow_headers: '*'            ...

For me the error was logged as Unauthorized header content-type thrown by NelmioCorsBundle. (I'm Using standard Angular $resource + Symfony + NelmioCorsBundle setup)

NelmioCorsBundle by default only allows 'accept', 'accept-language', 'content-language' and 'origin' (see https://github.com/nelmio/NelmioCorsBundle/blob/1.4.0/EventListener/CorsListener.php#L32)

The error is thrown here:https://github.com/nelmio/NelmioCorsBundle/blob/1.4.0/EventListener/CorsListener.php#L158

--

PS: be aware of the security hole you might open with allowing any origin (*)