Dec 13, 2023
0
Level 1
CORS Error with Laravel 9.4
I recently upgrade my application to Laravel 9 and I noticed that the cors package is not inbuilt in laravel so I removed the fruitcake/laravel-cors library and replaced with mine but I've noticed that some of my routes are throwing Cors errors and I don't know why.
Error
Access to XMLHttpRequest at localhost:8000/api/respond from origin localhost:3000 has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Kernel.php
protected $middleware = [
\Illuminate\Http\Middleware\HandleCors::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\PreventRequestsDuringMaintenance::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\VersionResponseHeader::class,
\App\Http\Middleware\ThrottleOAuthLogins::class,
];
Cors.php
<?php
return [
'paths' => ['api/*', 'oauth/*'],
'allow_methods' => [
'POST',
'GET',
'OPTIONS',
'PUT',
'PATCH',
'DELETE',
],
'allow_headers' => [
'Content-Type',
'X-Auth-Token',
'Origin',
'Authorization',
'X-Automated'
],
'expose_headers' => [
'Cache-Control',
'Content-Language',
'Content-Type',
'Expires',
'Last-Modified',
'Pragma',
'X-Location',
'X-Automated'
],
/*
* Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com`
*/
'allowed_origins' => ['*'],
/*
* Patterns that can be used with `preg_match` to match the origin.
*/
'allowed_origins_patterns' => [],
/*
* Sets the Access-Control-Max-Age response header when > 0.
*/
'max_age' => 60 * 60 * 24,
/*
* Sets the Access-Control-Allow-Credentials header.
*/
'supports_credentials' => false,
];
Please or to participate in this conversation.