Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I've been having a CORS error in one page of my app, and after some troubleshooting i realized it's because of this (when i remove this part there's no more cors error)
$path = storage_path('app/public/address/countries+states+cities.json');
$content = collect(json_decode(file_get_contents($path), true));
here is the cors error i get:
Access to XMLHttpRequest at 'http://website:6969/api/customer/address/countries' from origin 'http:/website' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
this is especially weird because when i do add an Access-Control-Allow-Origin header i get the following error:
Access to XMLHttpRequest at 'http://website:6969/api/customer/address/countries' from origin 'http://website' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'http://website, *', but only one is allowed.
Also, this only works when i add the headers in nginx, otherwise i've tried adding cors middleware and headers in laravel but none of that seems to change anything, here's what i added in my nginx config (removed now):
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
file_get_contents() of the local file system to cause a CORS error, HTTP is not involved hereapp/public/address/countries+states+cities.json file be somehow conflicting with http://website:6969/api/customer/address/countries?hi, thanks for your reply
1.what do you mean by crossing over?
3.also no because this works in localhost it's just when it's on the server that i get these errors
Ok, poor choice of words.
CORS is the idea of https://website.com(others) giving Access-Control to https://yours.com to embed files. And this is enforced by the browsers.
i.e. https://yours.com has JS (XMLHttpRequest) trying to pull from http://website:6969/api/customer/address/countries
Based on the earlier (browser?) error, the code at http://website:6969/api/customer/address/countries needs modification, i.e. add CORS headers
How do you use $content? My best bet is that your website runs on http://website:6969 but your env has http://website
Change your env url to match your websites url
APP_URL=http://website:6969
my (the frontend) url is the 'http://website', the other (the backend) is 'http://website:6969', both are my apps so please tell me what i need to fix, thank you again for your time
i added the :6969 and the problem is still there :(, thx for the reply
@salah1337 please show the PHP code that is providing http://website:6969/api/customer/address/countries
here it is
public function countries() {
$path = storage_path('app/public/address/countries+states+cities.json');
$content = collect(json_decode(file_get_contents($path), true));
$countries = $content->pluck('name');
$phone = $content->sortBy('phone_code')->pluck('phone_code', 'name');
$data = [
'success' => true,
'countries' => [
'count' => $countries->count(),
'names' => $countries,
'phone' => $phone,
]
];
return \response()->json($data, 200);
}
Try this:
public function countries() {
$path = storage_path('app/public/address/countries+states+cities.json');
$content = collect(json_decode(file_get_contents($path), true));
$countries = $content->pluck('name');
$phone = $content->sortBy('phone_code')->pluck('phone_code', 'name');
$data = [
'success' => true,
'countries' => [
'count' => $countries->count(),
'names' => $countries,
'phone' => $phone,
]
];
return response()
->json($data, 200)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
}
Got this error,
Access to XMLHttpRequest at 'http://94.237.60.30:6969/api/customer/address/countries' from origin 'http://94.237.60.30' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
i don't think it's a header problem, i have no cors problems on the rest of the site, i think it has something to do with accessing local storage, maybe there's a permissions thing there, how ever this problem doesn't happen in localhost
Why do your URLs keep changing? What happened to http://website:6969?
i was just replacing my ip with the word website to make it easier to read
my browser is loading the front end url, same ip but on port 80
yes
countries()
countries() againThis is under 2 groups with prefixes for the customer/ and address/
Route::get('/countries', 'AddressController@countries');
and here is the controller
public function countries() {
$path = storage_path('app/public/address/countries+states+cities.json');
$content = collect(json_decode(file_get_contents($path), true));
$countries = $content->pluck('name');
$phone = $content->sortBy('phone_code')->pluck('phone_code', 'name');
$data = [
'success' => true,
'countries' => [
'count' => $countries->count(),
'names' => $countries,
'phone' => $phone,
]
];
return \response()
->json($data, 200)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');;
}
Can you run
curl -sSL -D - http://94.237.60.30:6969/api/customer/address/countries -o /dev/null in a terminal and show the output?curl -sSL -D - http://94.237.60.30/api/customer/address/countries -o /dev/null in a terminal and show the output?Please or to participate in this conversation.