How to Solve CORS error in accessing laravel routes

php laravel outlook cors outlook-addin

11,616

Solution 1

I had the same problem, solved it by Middleware

//App\Http\Middleware;

public function handle($request, Closure $next)
{
    return $next($request)
        ->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Methods', '*')
        ->header('Access-Control-Allow-Credentials', true)
        ->header('Access-Control-Allow-Headers', 'X-Requested-With,Content-Type,X-Token-Auth,Authorization')
        ->header('Accept', 'application/json');
}

Than just register yours Middleware, local (for specific route/routes) or global.

How to register Middleware

Notice! Some old brovsers do not support '*' logic

Solution 2

I am using Laravel 8

check config/cors.php

change paths array to * ('paths' => ['*'])

Solution 3

For Laravel 8

In my case I added the origin that needs to access the resource.

// config/cors.php

// add a path to the resource here if you want it accessible to external origins
// for example no need to explicitly tell allowed origins
// what origins should gain access to api/* routes
'paths' => ['api/*', 'sanctum/csrf-cookie'],
'allowed_methods' => ['*'],

// explicitly tell which origins needs access to the resource
'allowed_origins' => ['*', 'https://mywebsite.com', 'http://mywebsite.com'],

// or use regex pattern, helpful if you want to grant
// access to origins with certain pattern (i.e. an origin under a subdomain etc.)
'allowed_origins_patterns' => ['/https?:\/\/mywebsite\.com\/?\z/'],

// no changes made below
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => false,

Also don't forget to run php artisan optimize in case you are caching the config.

11,616

Gomathimeena Subburayan

Updated on June 04, 2022

Comments

Gomathimeena Subburayan almost 2 years
Im very new to laravel applications.What im trying to do is developing an outlook web addon that uses the API written in laravel . The problem here is ,it produces the CORS error while accessing API's through outlook mail.

Error :
```
Access to XMLHttpRequest at 'https://test.com/api/test' from origin 'https://localhost:44377' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
```
What i have tried so far :
- spatia/laravel-cors module installed and tried
- Added this in bootstrap/app.php:
```
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: *');
header('Access-Control-Allow-Headers: *');
```
- created CORS class file and added as middleware
And finally end up with the same error.What should I do ?

Edit :

Why it automatically redirect the request to https instead of http .Where it went wrong ? The request url should be http://test.com/api/test ,not https://test.com/api/test

Thanks in advance !
- CBroe almost 4 years
  
  “What should I do ?” - inform yourself how CORS works … You are making a request to https://test.com here, so the server behind that address is what would have to allow the request here.
- Gomathimeena Subburayan almost 4 years
  
  @CBroe it is virtual host in my local ,can you elaborate the procedure ?
- CBroe almost 4 years
  
  So what system is providing the functionality of https://test.com/api/test? Is that supposed to be your laravel installation? Or what is it?
- Gomathimeena Subburayan almost 4 years
  
  @CBroe As of now ,it just return a string, im using it for a test purpose .if things works well then only ill change the functionality.
Gomathimeena Subburayan almost 4 years

using laravel version 6.12
Odin Thunder almost 4 years

Check answer again, I found mistake.
trainoasis over 3 years

using v8 but CORS not working from localhost for me ...
gre_gor almost 2 years

This doesn't explain HOW to do it.
gre_gor almost 2 years

This isn't useful for production where you might need access from a different origin.