Allow CORS for webroot files!

Heya,

The CORS error occurs when the server does not include the appropriate CORS headers in the response, or when the headers do not allow access from the specified origin.

In your case, it seems that the Access-Control-Allow-Headers value in the server response does not include the access-control-allow-origin header. To resolve this issue, you need to update your CakePHP configuration to include the correct CORS headers.

Update the CakePHP CORS configuration: Locate your config/app.php or config/app_local.php file, and look for the Cors middleware configuration. Update it to include the necessary headers:

'Cors' => [
    'allowOrigin' => ['http://localhost:8080'], // or use '*' to allow any origin
    'allowMethods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
    'allowHeaders' => ['Content-Type', 'Origin', 'X-Requested-With', 'Accept', 'Authorization', 'Access-Control-Allow-Origin'],
    'exposeHeaders' => ['Link'],
    'maxAge' => 300,
    'supportsCredentials' => true,
],

Load the CorsMiddleware: In your src/Application.php file, make sure you have the following code to load the CorsMiddleware:

use Cake\Http\Middleware\CorsMiddleware;

// ...

public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
{
    // ...

    $cors = new CorsMiddleware((array)$this->getConfig('Cors'));
    $middlewareQueue->add($cors);

    return $middlewareQueue;
}

Clear the CakePHP cache: Run the following command to clear the CakePHP cache:

bin/cake cache clear_all

After making these updates, your CakePHP application should include the correct CORS headers in the response, allowing requests from http://localhost:8080. If you still encounter issues, double-check the configuration and make sure there are no typos or missing settings.

Keep in mind that using '*' to allow any origin can expose your API to security risks. Use it with caution, and only for testing purposes. In production, replace it with the specific origin(s) you want to allow.