How to enable CORS in Laravel?
Solution 1
Try laravel-cors package that allows you to send Cross-Origin Resource Sharing headers with Laravel middleware configuration.
Solution 2
First solution
Try to set the CORS middleware as a global middleware.
the handle function
in the CORS middleware
:
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
}
to add this middleware globally, go to App\Http\Kernel
, and add this line in the $middleware
array:
\App\Http\Middleware\Cors::class,
Second solution
you can also add this code in the bootstrap/app.php
header('Access-Control-Allow-Origin', '*');
header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS');
header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
hope it works!
Solution 3
Add below to you .htaccess (just add to the destination site and origin site)
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
Hope it saves someone time, happy coding!!!
code-8
I'm B, I'm a cyb3r-full-stack-web-developer. I love anything that is related to web design/development/security, and I've been in the field for about ~9+ years. I do freelance on the side, if you need a web project done, message me. ;)
Updated on February 01, 2021Comments
-
code-8 about 3 years
I am in Laravel 5.8 - I kept getting this CORS issue
I've tried
php artisan make:middleware Cors
Add these code
<?php namespace App\Http\Middleware; use Closure; class Cors { public function handle($request, Closure $next) { return $next($request) ->header(‘Access-Control-Allow-Origin’, ‘*’) ->header(‘Access-Control-Allow-Methods’, ‘GET, POST, PUT, DELETE, OPTIONS’) ->header(‘Access-Control-Allow-Headers’, ‘X-Requested-With, Content-Type, X-Token-Auth, Authorization’); } }
restart my local Apache 2
sudo apachectl -k restart
Open up
app/Http/Kernel.php
- added this 1 lineprotected $routeMiddleware = [ 'auth' => \Illuminate\Auth\Middleware\Authenticate::class, 'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class, 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 'can' => \Illuminate\Auth\Middleware\Authorize::class, 'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class, 'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class, 'admin' => \App\Http\Middleware\AdminMiddleware::class, 'dev' => \App\Http\Middleware\DevMiddleware::class, 'cors' => \App\Http\Middleware\Cors::class, <----- ];
refresh the site, go to console, still see the same CORS issue
How would one go about and debug this further?
-
Eric McWinNEr over 4 yearsI had the same issue and this package didn't do it for me but this did laravel-cors. Hope this helps someone.
-
Eric McWinNEr over 4 years@S.Sid Glad I could help.
-
Denys Siebov over 4 yearsnothing works for me((( I already added headers manually in bootstrap/app.php and see this headers in postman, but it still not works(((((
-
Swarna Sekhar Dhar almost 4 yearsit is giving header() expects at most 3 parameters, 7 given
-
Alejandro Beltran almost 3 yearsI put this lines at bottom of these files, cache cleared, but block persist