Laravel 5.2 Cors, Get Not Working with Preflight Options

Laravel 5.2 CORS, GET not working with preflight OPTIONS

Clearly not the ideal solution but it WORKS. I've added this to the top of my routes.php file:

header('Access-Control-Allow-Origin: *');
header( 'Access-Control-Allow-Headers: Authorization, Content-Type' );

It would be nice to get this working without a hack... alas.

UPDATE: It turned out to be IIS related. I ended up setting the headers in the web.config file and now CORS works without hacking the routes.php file.

<httpProtocol>
    <customHeaders>
       <add name="Access-Control-Allow-Headers" value="Origin, Authorization, X-Requested-With, Content-Type, Accept" />
       <add name="Access-Control-Allow-Methods" value="POST,GET,OPTIONS,PUT,DELETE" />
    </customHeaders>
</httpProtocol>

If you want to restrict access, you can add outbound rules:

      <outboundRules>
          <clear />
                <rule name="AddCrossDomainHeader">
                    <match serverVariable="RESPONSE_Access_Control_Allow_Origin" pattern=".*" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="true">
                        <add input="{HTTP_ORIGIN}" pattern="(http(s)?://((.+\.)?somesite\.com|(.+\.)?anothersite\.org))" />
                    </conditions>
                    <action type="Rewrite" value="{C:0}" />
                </rule>
      </outboundRules>

Laravel 9 - CORS is not working (Access to XMLHttpRequest has been blocked by CORS policy)

I find a solution for my problem, I was trying to fetch data from http://localhost:8000/api and when I checked cors.php file I find the paths key contains 2 values like the following:

'paths' => ['api/*', 'sanctum/csrf-cookie']

so like I said I was navigating to api path not api/* only so the array should contain a value of the 'api' like the following:

'paths' => ['api/*', 'sanctum/csrf-cookie', 'api']

How to Solve CORS error in accessing laravel routes

I had the same problem, solved it by Middleware

Define your custom middleware

//App\Http\Middleware;

public function handle($request, Closure $next)
{
    return $next($request)
        ->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Methods', '*')
        ->header('Access-Control-Allow-Credentials', true)
        ->header('Access-Control-Allow-Headers', 'X-Requested-With,Content-Type,X-Token-Auth,Authorization')
        ->header('Accept', 'application/json');
}

Than just register yours Middleware, local (for specific route/routes) or global.

How to register Middleware

Notice! Some old brovsers do not support '*' logic


Related Topics

Pass Array Literal to Postgresql Function

Decrypting Strings in Python That Were Encrypted with Mcrypt_Rijndael_256 in PHP

Use Git Smudge/Clean to Replace File Contents

PHP Curly Braces in Array Notation

How to Pass Multiple Variables Across Multiple Pages

Call to Undefined Method Domdocument::Getelementsbyclassname()

MySQL Query Using an Array

How to Do Single Sign-On with PHP

Best Way to Handle Errors on a PHP Page

PHP - Add Item to Beginning of Associative Array

How to Validate a Domain Name Using Regex & PHP

How Come Checkbox State Is Not Always Passed Along to PHP Script

How to Save Webpage as a Image File Using PHP

Max_File_Size in PHP - What's the Point

Saving Images in Database MySQL

Unknown Modifier '/' Error in PHP

Is Is Bad Practice to Use Array_Walk with MySQLi_Real_Escape_String

How to Add 24 Hours to a Unix Timestamp in PHP


Leave a reply



Submit