laravel handling the OPTION http method request
This is with reference to your question regarding the above issue. You did not mention the version of laravel and angularJS. I assume you are using lattest angularJS and Laravel. I also assume, the angular is hosted on http://localhost:3501 and the laravel is hosted on http://localhost Just follow the below steps.
Put below code block in /public/.htaccess file of laravel
Header set Access-Control-Allow-Origin "http://localhost:3501" Header set Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS" Header set Access-Control-Allow-Credentials "true"
Put below line in config of angular
$httpProvider.defaults.withCredentials = true;
Never use * as wild card character. Larvel can not identify the domain for session management. So set http://localhost:3501 as full domain name to Access-Control-Allow-Origin. I think these will help you.
klvmungai
Updated on August 12, 2021Comments
-
klvmungai over 2 years
I am developing an angularjs app which uses laravel as its back end server. I am having trouble accessing data from laravel since before each GET request, angular first sends an OPTION request as below.
OPTIONS /61028/index.php/api/categories HTTP/1.1 Host: localhost Connection: keep-alive Cache-Control: max-age=0 Access-Control-Request-Method: GET Origin: http://localhost:3501 Access-Control-Request-Headers: origin, x-requested-with, accept Accept: */* Referer: http://localhost:3501/ Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: UTF-8,*;q=0.5
I have tried to respond this by adding the following code in the before filter
if (Request::getMethod() == "OPTIONS") { $headers = array( 'Access-Control-Allow-Origin' => '*', 'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS, PUT, DELETE', 'Access-Control-Allow-Headers' => 'X-Requested-With, content-type' ); return Response::make('', 200, $headers); }
This creates a response with the headers:
Content-Encoding: gzip X-Powered-By: PHP/5.3.5-1ubuntu7.11 Connection: Keep-Alive Content-Length: 20 Keep-Alive: timeout=15, max=97 Server: Apache/2.2.17 (Ubuntu) Vary: Accept-Encoding access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE Content-Type: text/html; charset=UTF-8 access-control-allow-origin: * cache-control: no-cache access-control-allow-headers: X-Requested-With, content-type
Although the headers are set, the browser still throws an error
XMLHttpRequest cannot load http://localhost/61028/index.php/api/categories. Origin http://localhost:3501 is not allowed by Access-Control-Allow-Origin.
I have also tried setting the allow origin to the origin presented in the request header as below
$origin=Request::header('origin'); //then within the headers 'Access-Control-Allow-Origin' =>' '.$origin[0],
and still the same error What am i doing wrong? Any help is greatly appreciated.
Edit 1
I am currently using a very ugly hack where i over-ride laravels initialization when an OPTIONS request is received. This i have done in the index.php
<?php if ($_SERVER['REQUEST_METHOD']=='OPTIONS') { header('Access-Control-Allow-Origin : *'); header('Access-Control-Allow-Methods : POST, GET, OPTIONS, PUT, DELETE'); header('Access-Control-Allow-Headers : X-Requested-With, content-type'); }else{ /** * Laravel - A PHP Framework For Web Artisans * * @package Laravel * @version 3.2.13 * @author Taylor Otwell <[email protected]> * @link http://laravel.com */
I also had to add the allow-origin header to the before filter.
I know this is not smart but it is my only solution for now