the problem is that I have a website test.example.com
When I go to it, the request is sent and I get a successful response, but after I go to m.test.example.com and get an error:
Access to fetch at '...' from origin 'https://m.test.example.com has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://test.example.com' that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
The problem is that I don't know the exact domain. I mean it could be test.example.com and m.test.example.com or test.example2.com and api.test.example2.com etc. so I can't just put in allow_origin m.test.example.com and test.example.com.
I tried to use Access-Control-Allow-Origin *, but I can't because I use Access-Control-Allow-Credentials: true (using allow-origin null not an option either coz it's not safe) also on the backend I use php(symfony) & nelmioCorsBundle(1.5.6) and nginx. supposedly nelmio can support regex in origin, but the problem is that I don't know the exact domain.
I also try change corsListener:onKernelRequest so that it always uses the listener on kernel.response without checking origin. I also think that this problem may be caused by cache, but if you remove it, it will increase the load on the site. any ideas how to fix it?