0

I followed this post but it only worked for GET method (as you can see it is mentioned in comments). I also installed this pakage but again it only works for GET method. This the error I get:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin my origin is therefore not allowed access. The response had HTTP status code 403.

PHP version: 7.1

Laravel version: 5.6

Frontend application: angular app (Do I need to change sth here?)

//Cours.php (middleware I created myself using the first method) class Cors { public function handle($request, Closure $next) { return $next($request) ->header('Access-Control-Allow-Origin', '*') ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); } } //cors.php (config/cors.php second method using the laravel-cors package) return [ 'supportsCredentials' => false, 'allowedOrigins' => ['*'], 'allowedOriginsPatterns' => [], 'allowedHeaders' => ['*'], 'allowedMethods' => ['*'], 'exposedHeaders' => [], 'maxAge' => 0, ]; //kernel.php namespace App\Http; use Illuminate\Foundation\Http\Kernel as HttpKernel; class Kernel extends HttpKernel { protected $middleware = [ \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class, \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, \App\Http\Middleware\TrustProxies::class, \Barryvdh\Cors\HandleCors::class, ]; protected $middlewareGroups = [ 'web' => [ \App\Http\Middleware\EncryptCookies::class, \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class, \Illuminate\Session\Middleware\StartSession::class, // \Illuminate\Session\Middleware\AuthenticateSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class, \App\Http\Middleware\VerifyCsrfToken::class, \Illuminate\Routing\Middleware\SubstituteBindings::class, ], 'api' => [ 'throttle:60,1', 'bindings', ], ]; protected $routeMiddleware = [ 'auth' => \App\Http\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class, 'can' => \Illuminate\Auth\Middleware\Authorize::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'cors' => \App\Http\Middleware\Cors::class, ]; }
Improve this question
10
  • Install this package link "github.com/barryvdh/laravel-cors" and re-run the project by clear config, route. Commented May 29, 2018 at 16:48
  • I mentioned the fact that I've already tested this package in the question. But I got the same error. Commented May 29, 2018 at 16:49
  • Let do one more thing. Instead of adding * to origin add the url of your laravel application. And I expect you clear the cache, route and config of your laravel project Commented May 29, 2018 at 16:51
  • I got the same error Commented May 29, 2018 at 17:01
  • I have also set-up the project with same requirement. First time it gives me error but after re-run it works. Anyway could you please update your question with kernel.php and cors.php(config file) Commented May 29, 2018 at 17:03

4 Answers 4

Reset to default
2

No need any type package for laravel-cors. Just create Middleware:

namespace App\Http\Middleware; use Closure; class Cors { public function handle($request, Closure $next) { $allowedOrigins = ['http://myroute.xyz', 'http://clarkconcepts.net','http://localhost']; $origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : ''; if (in_array($origin, $allowedOrigins)) { return $next($request) ->header('Access-Control-Allow-Origin', $origin) ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS') ->header('Access-Control-Allow-Headers',' Origin, Content-Type, Accept, Authorization, X-Request-With, cache-control,postman-token, token') ->header('Access-Control-Allow-Credentials',' true'); } return $next($request); } }

In app/Http/Kernel.php add Middleware in $middleware section:

protected $middleware = [ \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class, \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, \App\Http\Middleware\TrustProxies::class, \App\Http\Middleware\Cors::class, //added here ];
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

you need use first method this post without use any package then add also this class to protected $middleware like this post then post method also have desired headers.

it works for me, I hope work for you.

Improve this answer

Comments

0

You could also use the great laravel-cors package by barryvdh.

After you have the package installed, the easiest way to get CORS support for all your routes is to add the middleware like this in Http/Kernel.php: ($middleware)

\Barryvdh\Cors\HandleCors::class

And edit config/Cors.php 'allowedOrigins' => ['*']

More info check https://github.com/barryvdh/laravel-cors/blob/master/readme.md

Improve this answer

1 Comment

Please read the question carefully. I mentioned that I've used this package and I got the same error. Only GET works
0

I also encountered this error while trying to create an endpoint for a serial number checker on wordpress using laravel So just use the cors generated by laravel

<?php namespace App\Http\Middleware; use Closure; class CORS { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { $response = $next($request); $response->headers->set('Access-Control-Allow-Origin' , '*'); $response->headers->set('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE'); $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With, Application'); return $response; } }``` Then exclude the route if you are it does not need CSRF protection [as shown here][1] . The cors.php under config remains the same just adjust the `allowed origins` ```php <?php return [ /* |-------------------------------------------------------------------------- | Allowed Origins |-------------------------------------------------------------------------- | | Indicate here the origin domains that are allowed to access your API. | The '*' wildcard can be used to allow all domains to make requests. | */ 'allowed_origins' => [ 'http://localhost', 'http://localhost/wordpresss', ], /* |-------------------------------------------------------------------------- | Allowed HTTP Headers |-------------------------------------------------------------------------- | | Indicate here the HTTP headers that are allowed when making requests. | */ 'allowed_headers' =>['*'], /* |-------------------------------------------------------------------------- | Allowed HTTP Methods |-------------------------------------------------------------------------- | | Indicate here the HTTP methods that are allowed when making requests. | */ 'allowed_methods' => ['*'], /* |-------------------------------------------------------------------------- | Whether or not the response can be exposed when credentials are present |-------------------------------------------------------------------------- | | Indicates whether or not the response to the request can be exposed when the credentials flag is true. | When used as part of a response to a preflight request, this indicates whether or not the actual request | can be made using credentials. | */ 'exposed_headers' => [], /* |-------------------------------------------------------------------------- | Whether or not the request can include user credentials like cookies, HTTP authentication or client side SSL certificates |-------------------------------------------------------------------------- | | Indicates whether or not the response to the request can be exposed when the credentials flag is true. | When used as part of a response to a preflight request, this indicates whether or not the actual request | can be made using credentials. | */ 'allow_credentials' => false, /* |-------------------------------------------------------------------------- | The number of seconds the client should cache preflight responses |-------------------------------------------------------------------------- | | Indicates how long the results of a preflight request can be cached in a preflight result cache. | */ 'max_age' => 0, ];

Happy coding glad I could save someone some time!!!

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.