So I added the Corsica plug before my router in my endpoint.ex file:
plug Corsica, origins: "*" plug RealtimeWeb.Router
Now my frontend is a Reactjs app using axios for API/network calls. It performs an OPTIONS request before the POST request.
Anyhow, on my reactjs login page when I submit it sends a POST request to my Phoenix app.
I am seeing this in my console.log as an error:
Access to XMLHttpRequest at ‘http://www.example.com:4000/api/sessions’ from origin ‘http://app.example.com:3000’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
I’m scratching my head here for a while and I can’t understand what the issue could be.
Since I set the value of origins to *, it should response with * for access-control-allow-origin it seems as per: https://github.com/whatyouhide/corsica/blob/master/lib/corsica.ex#L100