Nginx on aapanel blocks CORS headers from PHP script

I am trying to make a cross-domain API request from https://andiamo.elenmorcreative.com to https://andiamo-backend.elenmorcreative.com.

I have configured Laravel and CORS correctly, but it always fails. To prove the problem is on the server, I created a simple public/test.php file that only contains header("Access-Control-Allow-Origin: https://andiamo.elenmorcreative.com");.

However, when I called test.php from the frontend domain, I still got a CORS error, which means the header was not sent. This proves there is something in the Nginx/aapanel configuration that is blocking it.

Here is my current Nginx configuration. Please help me find which setting might be causing this.

server {
    listen 80;
    listen 443 ssl http2;
    server_name andiamo-backend.elenmorcreative.com;
    root /www/wwwroot/andiamo-backend.elenmorcreative.com/andiamo-backend/public;

    # SSL configuration (DO NOT CHANGE)
    ssl_certificate /www/server/panel/vhost/cert/andiamo-backend.elenmorcreative.com/fullchain.pem;
    ssl_certificate_key /www/server/panel/vhost/cert/andiamo-backend.elenmorcreative.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # General settings
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    index index.php;
    charset utf-8;

    # Redirect to HTTPS
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
    
    # Standard rewrite rules for Laravel
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Error page handling
    error_page 404 /index.php;

    # Clean, standard PHP block
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/tmp/php-cgi-83.sock; # Adjust to your PHP version
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        internal;
    }
    
    # Block access to sensitive files
    location ~ /\.(?!well-known).* {
        deny all;
    }

    # Logging
    access_log /www/wwwlogs/andiamo-backend.elenmorcreative.com.log;
    error_log /www/wwwlogs/andiamo-backend.elenmorcreative.com.error.log;
}

look for help on community forums that are more specific to aapanel and Nginx.
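
Added example, not part of the original post: a browser reports the same CORS error for any cross-origin response that lacks a matching Access-Control-Allow-Origin header, including a 404 or 500, so the status code has to be checked before concluding that a header was stripped. The sketch below classifies a raw response saved with `curl -si -H "Origin: ..."`; the sample responses, function names and verdict names are constructed for illustration.

```python
# Added example: classify a raw response saved with
#   curl -si -H "Origin: <frontend origin>" <backend URL>
ORIGIN = "https://andiamo.elenmorcreative.com"  # frontend origin from the post

# Constructed sample responses (not captured from the real server).
SAMPLE_404 = "HTTP/2 404 \r\nserver: nginx\r\ncontent-type: text/html\r\n\r\n<html>404</html>"
SAMPLE_OK = ("HTTP/2 200 \r\nserver: nginx\r\n"
             "access-control-allow-origin: " + ORIGIN + "\r\n\r\nok")
SAMPLE_DUP = ("HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\n"
              "Access-Control-Allow-Origin: " + ORIGIN + "\r\n\r\n")


def parse_response(raw):
    """Return (status_code, {lowercased header name: [values]})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])  # works for "HTTP/1.1 200 OK" and "HTTP/2 404"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def triage(raw, origin):
    """Classify why a browser would accept or reject this response for `origin`."""
    status, headers = parse_response(raw)
    acao = headers.get("access-control-allow-origin", [])
    if len(acao) > 1:
        return "duplicate-header"  # two layers both set it; browsers reject this
    if acao:
        # "*" is accepted only for requests sent without credentials.
        return "ok" if acao[0] in (origin, "*") else "origin-mismatch"
    if status >= 400:
        # Error response: the header's absence does not show it was stripped.
        # nginx answers external requests to an `internal` location with 404,
        # and add_header without `always` is not applied to 4xx/5xx responses.
        return "error-status-no-header"
    return "header-missing"  # 2xx/3xx response without the header


if __name__ == "__main__":
    for name, raw in [("404", SAMPLE_404), ("ok", SAMPLE_OK), ("dup", SAMPLE_DUP)]:
        print(name, "->", triage(raw, ORIGIN))
```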