Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

rajeshtva's avatar

can we have ui hosted on localhost & backend on a server ?

I have a vue.js ui hosted on localhost, currently which is communicating to api also hosted on localhost. but my plan is to host api on a server. and still using frontend on localhost. but there is a problem: image url

in this image, you can see the error that CORS error occurs. I am using laravel sanctum, laravel ui package, for authenticating a user. So my question is what should be cors setting for this.

my session.php file content is:

<?php
use Illuminate\Support\Str;

return [

    'driver' => env('SESSION_DRIVER', 'file'),
    'lifetime' => env('SESSION_LIFETIME', 525600),
    'expire_on_close' => false,
    'encrypt' => false,
    'files' => storage_path('framework/sessions'),
    'connection' => env('SESSION_CONNECTION', null),
    'table' => 'sessions',
    'store' => env('SESSION_STORE', null),
    'lottery' => [2, 100],
    'cookie' => env(
        'SESSION_COOKIE',
        Str::slug(env('APP_NAME', 'laravel'), '_').'_session'
    ),
    'path' => '/',
    'domain' => env('SESSION_DOMAIN', null),
    'secure' => env('SESSION_SECURE_COOKIE'),
    'http_only' => true,
    'same_site' => 'lax',
];

cors.php

<?php
return [
    'paths' => [
        '/*',
    ],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['*'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];

sactum.php

<?php
return [
    'stateful' => explode(',', env(
        'SANCTUM_STATEFUL_DOMAINS',
        'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1,127.0.0.1:8080,localhost:8080,localhost:8001,127.0.0.1:8001'
    )),
    'expiration' => null,
    'middleware' => [
        'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
        'encrypt_cookies' => App\Http\Middleware\EncryptCookies::class,
    ],
];
0 likes
2 replies
basirafeef's avatar

Question is a bit too old to answer, but I am posting this for any future reference to this question.

Yes, first setup your server to respond to cors origin OPTIONS request. with 200 ok response.

how it works : The Browser send OPTIONS request before the actual request to confirm that the server is ready to respond to the actual request. if the server is configured to allow CORS Origin request then the actual request is send to the server. otherwise request is not sending to the server.

You can setup your server to allow CORS Origin in different ways. the easy way is : in index.php at the top add the following.

header("Access-Control-Allow-Origin: yoursite1.com , yoursite2.com"); //"Access-Control-Allow-Origin: * " For all Domains header("Access-Control-Allow-Methods: GET, POST, PUT, OPTIONS"); //"Access-Control-Allow-Methods: * " For all Methods header("Access-Control-Allow-Headers: Content-Type"); //"Access-Control-Allow-Headers: OR *" For all Headers

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { return $response->withStatus(200); }

rajeshtva's avatar

@basirafeef isn't there any laravel way?. i mean if we are going to put in index.php, won't it get overwritten ?

as you can see in cors.php. these settings that you have suggested is already there.

Please or to participate in this conversation.