fix: Pastikan CORS headers ditambahkan ke error response juga, tambah DEPLOY_CORS_FIX.md

DEPLOY_CORS.md

@@ -112,18 +112,21 @@ fetch("https://api.btekno.cloud/health", {
 **Solusi:**
 
 1. **Restart PHP-FPM** (PENTING!):
+
    ```bash
    systemctl reload php-fpm-83  # Sesuaikan dengan PHP version
    # Atau via aaPanel: Website -> PHP -> Service Management -> Reload
    ```
 
 2. **Clear PHP Opcache**:
+
    ```bash
    php -r "opcache_reset();"
    # Atau via aaPanel: Website -> PHP -> Opcache -> Clear Cache
    ```
 
 3. **Cek apakah code sudah ter-pull**:
+
    ```bash
    cd /www/wwwroot/api.btekno.cloud/api
    git pull origin main

DEPLOY_CORS_FIX.md

@@ -0,0 +1,116 @@
+# 🔧 Fix CORS Headers Tidak Muncul
+
+## ⚠️ Masalah
+
+CORS headers tidak muncul di HTTP response meskipun `php bin/test_cors.php` menunjukkan middleware sudah bekerja.
+
+## ✅ Solusi Langkah Demi Langkah
+
+### 1. Pull Code Terbaru di Server
+
+```bash
+cd /www/wwwroot/api.btekno.cloud/api
+git pull origin main
+composer dump-autoload --optimize
+```
+
+### 2. Verifikasi Code Sudah Ter-update
+
+```bash
+# Cek apakah CorsMiddleware ada
+ls -la src/Middleware/CorsMiddleware.php
+
+# Cek apakah Bootstrap sudah include CORS
+grep -n "CorsMiddleware" src/Bootstrap/app.php
+```
+
+Harus muncul:
+- File `src/Middleware/CorsMiddleware.php` ada
+- `src/Bootstrap/app.php` berisi `CorsMiddleware`
+
+### 3. Restart PHP-FPM (PENTING!)
+
+```bash
+# Cek PHP version
+php -v
+
+# Restart sesuai PHP version
+systemctl reload php-fpm-83  # Untuk PHP 8.3
+# atau
+systemctl reload php-fpm-82  # Untuk PHP 8.2
+```
+
+**Via aaPanel:**
+- Website → api.btekno.cloud → PHP → Service Management → Reload
+
+### 4. Clear Opcache
+
+```bash
+# Via command
+php -r "opcache_reset();"
+```
+
+**Via aaPanel:**
+- Website → PHP → Opcache → Clear Cache
+
+### 5. Test CORS
+
+```bash
+# Test dengan curl
+curl -v -H "Origin: http://localhost/retribusi" https://api.btekno.cloud/health 2>&1 | grep -i "access-control"
+```
+
+**Harus muncul:**
+```
+< access-control-allow-origin: http://localhost/retribusi
+< access-control-allow-credentials: true
+< access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
+< access-control-allow-headers: Content-Type, Authorization, X-API-KEY, Accept, Origin
+< access-control-max-age: 86400
+```
+
+### 6. Jika Masih Belum Muncul
+
+**Cek error log:**
+```bash
+tail -f /www/wwwlogs/api.btekno.cloud.error.log
+```
+
+**Test middleware langsung:**
+```bash
+php bin/test_cors.php
+```
+
+Jika test script menunjukkan CORS headers muncul tapi HTTP tidak, kemungkinan:
+1. PHP-FPM belum di-restart ✅
+2. Opcache masih cache code lama ✅
+3. Nginx mungkin menghapus headers (jarang terjadi)
+
+**Cek nginx config:**
+```bash
+# Pastikan tidak ada proxy_hide_header atau add_header yang override
+grep -i "access-control" /www/server/panel/vhost/nginx/api.btekno.cloud.conf
+```
+
+Jika ada, hapus atau comment out.
+
+## 🎯 Quick Fix Command (All-in-One)
+
+```bash
+cd /www/wwwroot/api.btekno.cloud/api && \
+git pull origin main && \
+composer dump-autoload --optimize && \
+php -r "opcache_reset();" && \
+systemctl reload php-fpm-83 && \
+echo "✅ Done! Test dengan: curl -I -H 'Origin: http://localhost/retribusi' https://api.btekno.cloud/health"
+```
+
+## 📝 Checklist
+
+- [ ] Code sudah di-pull (`git pull origin main`)
+- [ ] Autoloader sudah di-regenerate (`composer dump-autoload --optimize`)
+- [ ] PHP-FPM sudah di-restart (`systemctl reload php-fpm-XX`)
+- [ ] Opcache sudah di-clear (`php -r "opcache_reset();"`)
+- [ ] Test CORS dengan curl menunjukkan headers muncul
+- [ ] Test dari browser console tidak ada CORS error
+

src/Bootstrap/app.php

@@ -5,9 +5,12 @@ declare(strict_types=1);
 namespace App\Bootstrap;
 
 use App\Middleware\CorsMiddleware;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
 use Slim\App;
 use Slim\Factory\AppFactory;
 use Slim\Middleware\BodyParsingMiddleware;
+use Slim\Middleware\ErrorMiddleware;
 
 class AppBootstrap
 {
@@ -20,9 +23,6 @@ class AppBootstrap
     {
         $app = AppFactory::create();
 
-        // Add CORS middleware FIRST (before routing)
-        $app->add(new CorsMiddleware());
-
         // Add body parsing middleware
         $app->addBodyParsingMiddleware();
 
@@ -30,7 +30,35 @@ class AppBootstrap
         $app->addRoutingMiddleware();
 
         // Add error middleware
-        $app->addErrorMiddleware(true, true, true);
+        $errorMiddleware = $app->addErrorMiddleware(true, true, true);
+        
+        // Set custom error handler that includes CORS headers
+        $errorHandler = $errorMiddleware->getDefaultErrorHandler();
+        $errorMiddleware->setDefaultErrorHandler(function (
+            ServerRequestInterface $request,
+            \Throwable $exception,
+            bool $displayErrorDetails,
+            bool $logErrors,
+            bool $logErrorDetails
+        ) use ($errorHandler, $app): ResponseInterface {
+            $response = $errorHandler($request, $exception, $displayErrorDetails, $logErrors, $logErrorDetails);
+            
+            // Add CORS headers to error response
+            $corsMiddleware = new CorsMiddleware();
+            return $corsMiddleware->process($request, new class($response) implements \Psr\Http\Server\RequestHandlerInterface {
+                private $response;
+                public function __construct($response) {
+                    $this->response = $response;
+                }
+                public function handle(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface {
+                    return $this->response;
+                }
+            });
+        });
+
+        // Add CORS middleware LAST (after error middleware)
+        // This ensures CORS headers are added to all responses, including errors
+        $app->add(new CorsMiddleware());
 
         return $app;
     }