DigiProduct

Laravel Cors issue on deployment

I implemented the Laravel Cors package

https://github.com/barryvdh/laravel-cors

and had it working successfully on my local machine.

Now I've deployed it to a server, I'm getting CORS rejections again ...

I don't think that there is but ... Is there something I have forgotten to run on the server during the deployment?

0 likes
3 replies
DigiProduct

I just realised something ... and I'm not sure if it's relevant ...

I have things working without CORS problems that are defined in the web route (routes/web.php)

What isn't working are the routes that are defined in the api route (routes/api.php)

Do I need to set up something different for the API routes compared to normal WEB routes?

DigiProduct

Actually, I just discovered it is NOT a deployment issue ... I also have issues on my local server .... it's actually an issue related to POST vs GET.

All my GETs are working but my POSTs are receiving CORS errors ... both locally and on the server.

My CORS.php file reads as follows:-


    /*
    |--------------------------------------------------------------------------
    | Laravel CORS
    |--------------------------------------------------------------------------
    |
    | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
    | to accept any value.
    |
    */
   
    'supportsCredentials' => false,
    'allowedOrigins' => ['*'],
    'allowedOriginsPatterns' => [],
    'allowedHeaders' => ['*'],
    'allowedMethods' => ['*'],
    'exposedHeaders' => [],
    'maxAge' => 0,

I've also tried with explicitly allowing all the verbs as follows:-


    /*
    |--------------------------------------------------------------------------
    | Laravel CORS
    |--------------------------------------------------------------------------
    |
    | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
    | to accept any value.
    |
    */
   
    'supportsCredentials' => false,
    'allowedOrigins' => ['*'],
    'allowedOriginsPatterns' => [],
    'allowedHeaders' => ['*'],
    'allowedMethods' => ['PUT, GET, POST, DELETE, OPTION'],
    'exposedHeaders' => [],
    'maxAge' => 0,

Neither worked for POST ... but both work for GET

DigiProduct
OP
Best Answer
Level 6

I fixed this .... somehow ... not 100% sure that this was it but ....

I added the following into the api middleware because the default installation of this package had only placed it in the web middleware

Barryvdh\Cors\ServiceProvider::class,
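
Added example, not part of the original thread and not the package's own code: browsers send an OPTIONS preflight before a cross-origin POST that carries a JSON body or custom headers, but not before a plain GET, which is one way GETs can pass while POSTs hit CORS errors when a route group lacks the CORS middleware. The sketch below is a simplified model of that browser check for requests sent without credentials; the function names, origin, requests and responses are all constructed for illustration.

```javascript
// Added example: simplified model of the Fetch standard's preflight rules (no credentials).
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);

// Lowercased names of the request headers that force a preflight.
function unsafeHeaders(headers) {
  return Object.entries(headers)
    .map(([name, value]) => [name.toLowerCase(), String(value)])
    .filter(([name, value]) => name === "content-type"
      ? !SAFE_TYPES.has(value.split(";")[0].trim().toLowerCase())
      : !SAFE_HEADERS.has(name))
    .map(([name]) => name);
}

function needsPreflight(req) {
  return !SAFE_METHODS.has(req.method) || unsafeHeaders(req.headers).length > 0;
}

// Split a comma-separated header value into trimmed tokens.
const tokens = (v) => (v || "").split(",").map((t) => t.trim()).filter(Boolean);

// Returns null when the preflight response lets the request through,
// otherwise the reason the browser reports a CORS error.
function preflightFailure(req, res) {
  const h = {};
  for (const [k, v] of Object.entries(res.headers)) h[k.toLowerCase()] = v;
  if (res.status < 200 || res.status > 299) return "preflight status is not 2xx";
  const origin = h["access-control-allow-origin"];
  if (origin !== "*" && origin !== req.origin) return "origin not allowed";
  const methods = tokens(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.has(req.method) && !methods.includes("*") && !methods.includes(req.method))
    return `method ${req.method} not allowed`;
  const allowed = tokens(h["access-control-allow-headers"]).map((t) => t.toLowerCase());
  for (const name of unsafeHeaders(req.headers)) {
    const wildcard = allowed.includes("*") && name !== "authorization"; // "*" never covers Authorization
    if (!wildcard && !allowed.includes(name)) return `header ${name} not allowed`;
  }
  return null;
}

// Constructed sample requests and preflight responses (not captured traffic).
const getReq = { origin: "https://app.example", method: "GET", headers: {} };
const postReq = { origin: "https://app.example", method: "POST", headers: { "Content-Type": "application/json" } };
const bareResponse = { status: 200, headers: {} }; // OPTIONS answered without any CORS headers
const corsResponse = { status: 204, headers: { "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
  "Access-Control-Allow-Headers": "content-type" } };
console.log(needsPreflight(getReq), needsPreflight(postReq), preflightFailure(postReq, bareResponse));
```

Comparing the OPTIONS response of an API route against `preflightFailure` shows whether the CORS headers are being added for that route group at all.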
