CORS error using cors-bundle for not cors reasons

When we develop an api system with symfony we often use nelmio/cors-bundle to handle Cross-Origin Resource Sharing errors on developing.

This bundle provide a simple way to configure the most of the cors problems by sending back the proper headers in the response. Doing that we can develop our client application without thinking on how to deal with this kind of problem.

This works well but has some downside if we don’t know how it words. Not expected cors errors comes if we return a response without set that headers on it. Not matter what we send back to the client if the bundle doesn’t populate headers you wouldn’t be able to see the response.

When this situation could happen?

• When a occur a php error that prevent to execute symfony completely.
• When you use echo, print and die, you are sending a response to the client out of the symfony scope.
• When the cors-bundle doesn’t listener the kernel response event properly.

Those cases are actually common when we are testing a new function in our apis, the problem is we never realize the happened because we always have a CORS error in the client side due this.