How to Solve CORS error in accessing laravel routes
Solution 1
I had the same problem, solved it by Middleware
//App\Http\Middleware;
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', '*')
->header('Access-Control-Allow-Credentials', true)
->header('Access-Control-Allow-Headers', 'X-Requested-With,Content-Type,X-Token-Auth,Authorization')
->header('Accept', 'application/json');
}
Than just register yours Middleware, local (for specific route/routes) or global.
Notice! Some old brovsers do not support '*' logic
Solution 2
I am using Laravel 8
check config/cors.php
change paths array to * ('paths' => ['*'])
Solution 3
For Laravel 8
In my case I added the origin that needs to access the resource.
// config/cors.php
// add a path to the resource here if you want it accessible to external origins
// for example no need to explicitly tell allowed origins
// what origins should gain access to api/* routes
'paths' => ['api/*', 'sanctum/csrf-cookie'],
'allowed_methods' => ['*'],
// explicitly tell which origins needs access to the resource
'allowed_origins' => ['*', 'https://mywebsite.com', 'http://mywebsite.com'],
// or use regex pattern, helpful if you want to grant
// access to origins with certain pattern (i.e. an origin under a subdomain etc.)
'allowed_origins_patterns' => ['/https?:\/\/mywebsite\.com\/?\z/'],
// no changes made below
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => false,
Also don't forget to run php artisan optimize
in case you are caching the config.
Related videos on Youtube
Gomathimeena Subburayan
Updated on June 04, 2022Comments
-
Gomathimeena Subburayan almost 2 years
Im very new to laravel applications.What im trying to do is developing an outlook web addon that uses the API written in laravel . The problem here is ,it produces the CORS error while accessing API's through outlook mail.
Error :
Access to XMLHttpRequest at 'https://test.com/api/test' from origin 'https://localhost:44377' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
What i have tried so far :
- spatia/laravel-cors module installed and tried
- Added this in bootstrap/app.php:
header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: *'); header('Access-Control-Allow-Headers: *');
- created CORS class file and added as middleware
And finally end up with the same error.What should I do ?
Edit :
Why it automatically redirect the request to https instead of http .Where it went wrong ? The request url should be http://test.com/api/test ,not https://test.com/api/test
Thanks in advance !
-
CBroe almost 4 years“What should I do ?” - inform yourself how CORS works … You are making a request to
https://test.com
here, so the server behind that address is what would have to allow the request here. -
Gomathimeena Subburayan almost 4 years@CBroe it is virtual host in my local ,can you elaborate the procedure ?
-
CBroe almost 4 yearsSo what system is providing the functionality of
https://test.com/api/test
? Is that supposed to be your laravel installation? Or what is it? -
Gomathimeena Subburayan almost 4 years@CBroe As of now ,it just return a string, im using it for a test purpose .if things works well then only ill change the functionality.
-
Gomathimeena Subburayan almost 4 yearsusing laravel version 6.12
-
Odin Thunder almost 4 yearsCheck answer again, I found mistake.
-
trainoasis over 3 yearsusing v8 but CORS not working from localhost for me ...
-
gre_gor almost 2 yearsThis doesn't explain HOW to do it.
-
gre_gor almost 2 yearsThis isn't useful for production where you might need access from a different origin.