Skip to content
This repository has been archived by the owner on Feb 16, 2023. It is now read-only.

CORS Not working #522

Open
AliZaibazr opened this issue Mar 24, 2021 · 10 comments
Open

CORS Not working #522

AliZaibazr opened this issue Mar 24, 2021 · 10 comments

Comments

@AliZaibazr
Copy link

AliZaibazr commented Mar 24, 2021

getting error:
ww.example.com has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

@AliZaibazr
Copy link
Author

At last, after the effort of 3 days, I have removed the fruitcake package and using my own middleware.

@meeran-seers
Copy link

images

@MihailProcudin
Copy link

Same here, in my dev env suddenly something happened and now cors warning is firing all the time.
Just cant fix it now ....

@MihailProcudin
Copy link

It was just an error in the Model, not related to cors, sorted now.

@sanushen
Copy link

sanushen commented Apr 5, 2021

Also struggled for the whole weekend. Added custom middleware and it works now.

@Ghustavh97
Copy link

Stack: nginx laravel 8

I have no idea if this will help or why it's behaving like this, but for some reason if I send an options request (aka a preflight request) to my root domain path like api.example.com/ I get a 405 Not Allowed from nginx with generic headers that do not contain the Access-Control-Allow headers needed by the browser, even if api.example.com/ is a valid path in my routes/api.php file.

The browser seems not to care about the 405 but the fact that the 405 response has no allow headers at all and will console.log() the annoying message Request header (something-something) is not allowed by Access-Control-Allow-Headers in preflight response.

Capture1

But

if I send a request to any path that is not root e.g api.example.com/123123123123 EVEN if the path does not exist in routes/api.php the preflight response works and responds with the headers needed by the browser for cors.

Capture2

Bonus Note

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Capture3

@kenny-lee-1992
Copy link

Same thing, I removed the fruitcake cors and using my own middleware.

    public function handle(Request $request, Closure $next)
    {
        return $next($request)
            ->header('Access-Control-Allow-Origin', '*')
            ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
            ->header('Access-Control-Allow-Headers', '*');
    }

@romansorin
Copy link

Same thing, I removed the fruitcake cors and using my own middleware.

    public function handle(Request $request, Closure $next)
    {
        return $next($request)
            ->header('Access-Control-Allow-Origin', '*')
            ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
            ->header('Access-Control-Allow-Headers', '*');
    }

This did it for me. For whatever reason, using the CORS package didn't work on any routes, even if they were explicitly specified. I don't believe that this solution covers preflight requests appropriately, but it handles most cases.

@wsajjadh
Copy link

wsajjadh commented Jun 2, 2022

I had same issues and spent hours of debugging but at last I just run php artisan config:cache and copied the bootstrap/config files to server.

Do not forgot to change your ENV to production settings such as db, keys and etc before running config:cache

Please note that I had this issue when the app is on server. Everything works perfectly in local development.

@fylzero
Copy link

fylzero commented Sep 23, 2022

Same issue here. The preflight simply does not seem to work for most situations. Nothing I tried would send the headers except adding them in middleware or to the route file manually. There should just be an option to disable preflight and always add the headers - since that is what most of us running into this issue are doing.

cc: @barryvdh

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

9 participants