enabling CORS for local development

We've splitting our react front end into its own repo and am in the process of connecting it to the local instance of our laravel 7 api.

The react app is being run using yarn and is running on localhost:3000. The laravel api is running on localhost.

We're getting CORS issues connecting the two together this way.

Sending the following request:

  fetch('http://localhost/api/auth/login', {
            method: 'POST', // or 'PUT'
            headers: {
                'Content-Type': 'application/json',
            },
        },'')

returns the usual CORS errors in console.

even though in Kernel we have included the middlesware

        protected $middlewareGroups = [
            'web' => [
                \Fruitcake\Cors\HandleCors::class,
                'bindings',
                \Illuminate\Session\Middleware\StartSession::class,
                ShareErrorsFromSession::class
            ],
            'api' => [
                \Fruitcake\Cors\HandleCors::class,
                //'throttle:60,1',
                'bindings',
                \App\Http\Middleware\ForceJsonResponse::class,
            ]
        ];

But, if I include HandleCors::class in

       protected $middleware = [
            \App\Http\Middleware\TrimStrings::class,
            \App\Http\Middleware\Locale::class,
            \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
            \Fruitcake\Cors\HandleCors::class
        ];

then I don't get the CORS error in console.

That would suggest either middleware isn't being loaded properly in its groups, or routing is wrong.

the route I'm testing against is in api.php

Route::prefix('auth')->group(function () {
    Route::post('login', [
        'uses' => 'Authentication@login',
        'as' => 'authentication.login'
    ]);
});

Any idea what might be up here?

bugsysha

4 years ago

Level 61

Have you watched this?

automica

4 years ago

Level 54

@bugsysha I have done. What works for me is to include the \Fruitcake\Cors\HandleCors::class in $middleware.

What I want to do, however, is to set it for only api routes, which I have done in Kernel, but isn't working.

in AppServiceProvider.php I have

        protected function mapApiRoutes()
        {
            Route::prefix('api')
                 ->middleware('api')
                 ->namespace($this->namespace)
                 ->group(base_path('routes/api.php'));
        }

and within $middlewareGroups I have

 protected $middlewareGroups = [
            'api' => [
                \Fruitcake\Cors\HandleCors::class,
                //'throttle:60,1',
                'bindings',
                \App\Http\Middleware\ForceJsonResponse::class,
            ]
        ];

which looks pretty standard. So issue is why adding HandleCors to apply everywhere works, but when applying to just api Routes it doesn't.

bugsysha

4 years ago

Level 61

@automica what do you get on php artisan route:list for api routes?

wingly

4 years ago

Best Answer

Level 29

@automica check the docs for this one Group middleware is no longer supported, use the global middleware. https://github.com/fruitcake/laravel-cors#global-usage

automica

4 years ago

Level 54

@wingly right. so is this something that might of worked in previous version or do you think its just previous developer not setting it up correctly?

wingly

4 years ago

Level 29

@automica i think this was valid in L5

automica

4 years ago

Level 54

@wingly grand. I'll update my code accordingly. Thanks for your help @wingly @bugsysha

Please or to participate in this conversation.