CORS issue on Edge browser

Hi - I have the javascript Ajax action (noted below) which removes a video record from a database row. The code works exactly as expected on Chrome, Firefox but fails on Edge, Safari and Opera. I'm hitting a CORS error (Failed to load resource: Origin **** is not allowed by Access-Control-Allow-Origin.). The page displays videos from an external server, which the user can then approve or reject. The page and videos all display exactly as expected on all browsers. I'm on Laravel 7 with fruitcake/laravel-cors loaded.

function toggle_Video_Approval(obj)
{
    if(obj.id){
    
        var data = {
            '_token': $("input[name='_token']").val(),
            'videotype_id': obj.id, //approved_###
            'server_id': $(obj).attr('server_id')
        };
      
        var url = PATH+'AjaxVideoApproval';
 
        runAjax(url, data, false);
    }
    
}

which connects to:

function runAjax(url, data, callback)
{
    $.ajaxSetup({
        headers:{'X-CSRF-TOKEN': $("input[name='_token']").val()}
    });

    $.ajax({
        type:'POST',
        url: url,
        data: data,

        success:function(response){

            AJAXRESPONSE = response;  
           
           //allow for no-callback option
           if(callback){

                callback();
            }
        },
        
        error: function(jqXHR, textStatus, errorThrown){
         
           console.log(JSON.stringify(jqXHR));
         
           return false;
       } 
            
    });
}

Any guidance on solving this is appreciated! Thanks - Rick

jlrdw

5 years ago

Best Answer

Level 75

See this concerning headers and clearing all cache: https://stackoverflow.com/questions/60168052/laravel-cors-with-fruitcake

Rretzko

5 years ago

Level 15

Thanks (again) jlrdw for this helpful guidance. Further analysis, however, led me to understand that the error messages was a symptom of another problem, but not the problem itself. I had a conflict with my https settings in my .htaccess file. Once I corrected my .htaccess file, the CORS problem resolved. In case it is helpful to someone else hits, I added the following lines into my .htaccess file:

RewriteEngine On

 RewriteCond %{HTTPS} off
 RewriteCond %{HTTP_HOST} ^(www\.)?<your-domain-name-here\.<your-com/org/etc-here>$ [NC]
 RewriteRule ^(.*)$ https://<your-domain.tld-here%{REQUEST_URI} [E=UPGRADE,L,R=301]

RewriteCond %{HTTP_HOST} ^www\.
RewriteCond %{HTTPS}s ^on(s)|off
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Please or to participate in this conversation.