Level 14
what do you mean by "Laravel Syntax error"? There is no such thing, only PHP syntax errors. Your code should not have syntax errors to begin with.
Dec 7, 2023
5
Level 1
Laravel Syntax error - missing Access-Control-Allowed-Origin header
I have a VUE SPA, and I use Laravel Sanctum on the server side. Authentication is happening with the standard cookie-based session authentication.
When I have a syntax error in the Laravel code, my frontend should receive the standard laravel error message (where is the syntax error, and what is it).
Sanctum and the CORS settings are set up correctly, because in case of a successfull response, I have the Access-Control-Allowed-Origin header correctly set. (localhost:5173 in my case)
But when there is an error, this response doesn't have this header, and I receive a CORS error. Why doesn't Laravel set the Access-Control-Allowed-Origin header in an error case? Do I need to define a custom middleware for this or can this be solved in Laravel CORS settings?
Error: login:1 Access to XMLHttpRequest at '...' from origin '...' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Level 1
Sure, a PHP syntax error. And surely, you shouldn't have them... but there are cases when there are because it happens to everyone? And in this case Laravel should return with the error message (file, row, error message) just like it does in normal circumstances when you build a Laravel app.
Level 14
@Tamas_hi I'm not sure we are on the same page. Syntax errors are things like a missing semicolon ; or closing bracket } or writing retrn instead of return. In these cases the PHP parser will generate a syntax error and your code will not execute at all.
Your errors should normally be things like pulling a non existing key from an array, or pull a model field on a variable that is actually null. These runtime errors can be checked or try catched, and reported. You can also listen for these types of exceptions on Exceptions\Handler@report method.
Level 1
@krisi_gjika In one project, this is what I see in my browser console when there is a deliberate syntax error on the server side:
exception: "ParseError" file:"/var/lib/TestController.php" line: 33 message: "syntax error, unexpected token "if"" trace: []
The reason why it works in that specific project, because CORS is not set up. Now in my current project, CORS is set up, and I want to see the same response arriving from the server (exception, file, line, message, trace). Laravel is capable of creating a response like this as seen from the example above.
The question is, why Laravel doesn't add the Access-Control-Allowed-Origin header to the response, when there is - for example - a syntax error. That would be the reasonable outcome I think that in case of an error, it still adds it.
Level 14
@Tamas_hi Laravel can't add the Access-Control-Allowed-Origin header because Laravel is not booting at all!
A php script with a syntax error will not run at all bc it can't be parsed into code by php. And in the case of autoloading, your entire application is essentially one php script. It's not like your code will run up to the point of the error, it will not run at all.
Unless you try catch(Throwable $th) you entire Laravel application there is no where you can write code that sets this header.
Please or to participate in this conversation.