4 years ago

laravel-cors is not returning Access-Control header on error response from dingo API

Posted 4 years ago by saqueib

We have just moved our Laravel API from Apache to Forge (nginx and hhvm) but one thing stopped working, its no longer sending error response with Access-Control-Allow-Origin header. Here is issue I have opened at barryvdh/laravel-cors but he seems busy, please have a look if you guys can help.

I am using "dingo/api": "1.0.*@dev". with L 5.1

All below returns response don't have Access-Control-Allow-Origin header

// returning 401 without origin header
return $this->response->error($user->msg, 401);  

// returning 422 without origin header
return $this->response->error('This email id has been taken.', 422); 

and by looking into console I can see below when I miss type the password in login form.

XMLHttpRequest cannot load No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 401.

All 200 responses are working, OPTIONS request is giving 200 on above /auth/login route as well, but when there is error response, no Access-Control-Allow-Origin headers were returned.

It was working before, I have moved app to forge, but I don't think that was the issue. sine it works with Postman. Do i have to set something for nginx

Please sign in or create an account to participate in this conversation.