Laravel 5 1 API Enable Cors

Question

I ve looked for some ways to enable cors on laravel 5 1 specifically  I have found some libs like   https   github com neomerx cors-illuminate  https   github com barryvdh laravel-cors  but none of them has a implementation tutorial specifically to Laravel 5 1   I tried to config but It doesn t work   If someone already implemented CORS on laravel 5 1 I would be grateful for the help

User · Answer

barryvdh laravel-cors works perfectly with Laravel 5 1 with just a few key points in enabling it     After adding it as a composer dependency  make sure you have published the CORS config file and adjusted the CORS headers as you want them  Here is how mine look in app config cors php   lt  php  return         supportsCredentials    gt  true       allowedOrigins    gt              allowedHeaders    gt              allowedMethods    gt    GET    POST    PUT     DELETE         exposedHeaders    gt    DAV    content-length    Allow         maxAge    gt  86400       hosts    gt          After this  there is one more step that s not mentioned in the documentation  you have to add the CORS handler  Barryvdh Cors HandleCors  in the App kernel  I prefer to use it in the global middleware stack  Like this         The application s global HTTP middleware stack         var array     protected  middleware          Illuminate Foundation Http Middleware CheckForMaintenanceMode        Illuminate Cookie Middleware EncryptCookies        Illuminate Cookie Middleware AddQueuedCookiesToResponse        Illuminate Session Middleware StartSession        Illuminate View Middleware ShareErrorsFromSession         Barryvdh Cors HandleCors         But its up to you to use it as a route middleware and place on specific routes     This should make the package work with L5 1

User · Answer

just use this as a middleware   lt  php  namespace App Http Middleware   use Closure   class CorsMiddleware                  Handle an incoming request                 param   Illuminate Http Request   request         param   Closure   next         return mixed             public function handle  request  Closure  next                 response    next  request            response- gt header  Access-Control-Allow-Origin                  response- gt header  Access-Control-Allow-Methods                  return  response            and register the middleware in your kernel file on this path app Http Kernel php in which group that you prefer and everything will be fine

User · Answer

I always use an easy method  Just add below lines to  public index php file  You don t have to use a middleware I think   header  Access-Control-Allow-Origin         header  Access-Control-Allow-Methods  GET  PUT  POST  DELETE  OPTIONS

User · Answer

https   github com fruitcake laravel-cors Use this library  Follow the instruction mention in this repo  Remember don t use dd   or die   in the CORS URL because this library will not work  Always use return with the CORS URL  Thanks

User · Answer

I am using Laravel 5 4 and unfortunately although the accepted answer seems fine  for preflighted requests  like PUT and DELETE  which will be preceded by an OPTIONS request  specifying the middleware in the  routeMiddleware array  and using that in the routes definition file  will not work unless you define a route handler for OPTIONS as well  This is because without an OPTIONS route Laravel will internally respond to that method without the CORS headers   So in short either define the middleware in the  middleware array which runs globally for all requests or if you re doing it in  middlewareGroups or  routeMiddleware then also define a route handler for OPTIONS  This can be done like this   Route  match   options    put      route   function             This will work with the middleware shown in the accepted answer   - gt middleware  cors      I also wrote a middleware for the same purpose which looks similar but is larger in size as it tries to be more configurable and handles a bunch of conditions as well    lt  php  namespace App Http Middleware   use Closure   class Cors       private static  allowedOriginsWhitelist            http   localhost 8000                 All the headers must be a string      private static  allowedOrigin             private static  allowedMethods    OPTIONS  GET  POST  PUT  PATCH  DELETE        private static  allowCredentials    true        private static  allowedHeaders                       Handle an incoming request                 param   Illuminate Http Request   request         param   Closure   next         return mixed             public function handle  request  Closure  next              if     this- gt isCorsRequest  request                   return  next  request                  static   allowedOrigin    this- gt resolveAllowedOrigin  request          static   allowedHeaders    this- gt resolveAllowedHeaders  request           headers              Access-Control-Allow-Origin          gt  static   allowedOrigin           Access-Control-Allow-Methods         gt  static   allowedMethods           Access-Control-Allow-Headers         gt  static   allowedHeaders           Access-Control-Allow-Credentials     gt  static   allowCredentials                     For preflighted requests       if   request- gt getMethod        OPTIONS                   return response     200 - gt withHeaders  headers                   response    next  request - gt withHeaders  headers          return  response                        Incoming request is a CORS request if the Origin        header is set and Origin     Host                param   Illuminate Http Request   request             private function isCorsRequest  request               requestHasOrigin    request- gt headers- gt has  Origin           if   requestHasOrigin                   origin    request- gt headers- gt get  Origin              host    request- gt getSchemeAndHttpHost             if   origin      host                      return true                           return false                        Dynamic resolution of allowed origin since we can t        pass multiple domains to the header  The appropriate        domain is set in the Access-Control-Allow-Origin header        only if it is present in the whitelist                 param   Illuminate Http Request   request             private function resolveAllowedOrigin  request               allowedOrigin   static   allowedOrigin            If origin is in our  allowedOriginsWhitelist          then we send that in Access-Control-Allow-Origin         origin    request- gt headers- gt get  Origin           if  in array  origin  static   allowedOriginsWhitelist                    allowedOrigin    origin                 return  allowedOrigin                        Take the incoming client request headers        and return  Will be used to pass in Access-Control-Allow-Headers                param   Illuminate Http Request   request             private function resolveAllowedHeaders  request               allowedHeaders    request- gt headers- gt get  Access-Control-Request-Headers           return  allowedHeaders            Also written a blog post on this

User · Answer

For me i put this codes in public index php file  and it worked just fine for all CRUD operations   header  Access-Control-Allow-Origin       header  Access-Control-Allow-Methods  GET  PUT  POST  DELETE  OPTIONS  post  get    header  Access-Control-Max-Age    3600    header  Access-Control-Allow-Headers  Origin  Content-Type  X-Auth-Token    header  Access-Control-Allow-Credentials    true

User · Answer

Here is my CORS middleware    lt  php namespace App Http Middleware   use Closure   class CORS                   Handle an incoming request                 param   Illuminate Http Request   request         param   Closure   next         return mixed             public function handle  request  Closure  next                 header  Access-Control-Allow-Origin                   ALLOW OPTIONS METHOD          headers                  Access-Control-Allow-Methods   gt   POST  GET  OPTIONS  PUT  DELETE                Access-Control-Allow-Headers   gt   Content-Type  X-Auth-Token  Origin                     if  request- gt getMethod       OPTIONS                    The client-side application can set only headers allowed in Access-Control-Allow-Headers             return Response  make  OK   200   headers                       response    next  request           foreach  headers as  key   gt   value               response- gt header  key   value           return  response             To use CORS middleware you have to register it first in your app Http Kernel php file like this   protected  routeMiddleware               other middlewares          cors    gt   App Http Middleware CORS            Then you can use it in your routes  Route  get  example   array  middleware    gt   cors    uses    gt   ExampleController dummy

User · Answer

After wasting a lot of time I finally found this silly mistake which might help you as well   If you can t return response from your route either through function closure or through controller action then it won t work   Example   Closure  Route  post  login   function          return response  - gt json   key    gt   value    200     Make sure your response is there        Controller Action  Route  post  login   AuthController login     class AuthController extends Controller                   public function login               return response  - gt json   key    gt   value    200     Make sure your response is there                        Test CORS  Chrome -  Developer Tools -  Network tab    If anything goes wrong then your response headers won t be here

[php] Laravel 5.1 API Enable Cors

Examples related to php

Examples related to api

Examples related to laravel

Examples related to cors

Examples related to laravel-5.1