How to get environment string inside new Laravel 11 bootstrap/app.php withMiddleware section?

Hello,

Laravel 11 changed the way how bootstrapping middlewares, routes and exceptions work.

I want to only EXCLUDE (HandleCors.php) if the environment === 'local'.

However, calling app()->environment() gives 500 inside of /bootstap/app.php in the withMiddleware section.

What is the solution to achieve removing this middleware for the 'local' env only without reverting to the old Laravel 10 structure?

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/webRoutes.php',
        api: __DIR__.'/../routes/apiRoutes.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        // CORS on our servers is already handled by Nginx. Locally using Laravel Sail, it is useful though.
        // app()->environment() throws 500 inside of /bootstap/app.php in the withMiddleware section!
        // app()->environment() throws 500 inside of /bootstap/app.php in the withMiddleware section!
        // app()->environment() throws 500 inside of /bootstap/app.php in the withMiddleware section!
        if (app()->environment() === 'local') {
            $middleware->remove(HandleCors::class);
        }

        $middleware->remove([
            ConvertEmptyStringsToNull::class,
            TrimStrings::class,
            ValidateCsrfToken::class,
            ValidatePostSize::class,
        ]);

s4muel

2 years ago

Best Answer

Level 50

not sure you can do it at that point (in the bootstrap), because the app doesn't exist yet. as a workaround you should be OK to create a custom cors middleware wrapper and skip the middleware there when the environment is local.

i mean like this: in the bootstrap

->withMiddleware(function (Middleware $middleware) {
    $middleware->replace(
        HandleCors::class, \App\Http\Middleware\CustomHandleCors::class
    );
})//...

and the CustomHandleCors middleware:

<?php

namespace App\Http\Middleware;

use Closure;
use Fruitcake\Cors\CorsService;
use Illuminate\Contracts\Container\Container;

class CustomHandleCors extends \Illuminate\Http\Middleware\HandleCors
{
    public function __construct(Container $container, CorsService $cors)
    {
        if (!app()->environment('local')) {
            parent::__construct($container, $cors);
        }
    }

    public function handle($request, Closure $next)
    {
        if (!app()->environment('local')) {
            return parent::handle($request, $next);
        }

        return $next($request);
    }
}

but there might be something to configure it more laravel way, someone more experienced with L11 can point to right direction. until then you could be fine with the custom wrapper.

or just keep the CORS middleware like it is, just change the CORS configuration when running on local (change the published config/cors.php to get values from env and set it differently for local and production)

1 like

vibonacci

2 years ago

Level 1

@s4muel Was hoping for not another file, as less files being the point of Laravel 11 🤣, but ofc this will do just fine.

1 like

Snapey

2 years ago

Level 122

@vibonacci OMG. dont think the point of Laravel 11 is less files. A well structured app will (and should) have more files than a badly structured one.

Besides, the point of @s4muel 's answer is to say make the cors middleware responsible for deciding if it does anything. This way you can always include it instead of trying to find a good place to bypass it.

2 likes

vibonacci

2 years ago

Level 1

Guess I over-exaggerated the problem a bit. Thought it would be a 'waste' to actually register the middleware when it won't be used at all (for non-local). The more I work with the new middleware system of L11, the more I actually like the more verbose setup of L10. A bit off topic though.

Thanks for the help.

Please or to participate in this conversation.