Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

octoxan's avatar

Running into CORS issue only when setting contentType to "application/json"

I'm trying to work on an API where a user can submit a form from example.com (not the Laravel website) and it will make an ajax post request to subdomain.example.com (the Laravel website).

One of the value's I'm trying to submit is a checkbox, so it's an array.

<input type="checkbox" name="array[]">

If I use the following jQuery

$('.form').submit(function(e) {
    e.preventDefault();
    $.ajax({
        url: 'http://subdomain.example.com/api/v1/applications',
        type: 'POST',
        contentType: "application/json",
        dataType: 'json',
        data: $(this).serialize(),
        success: function(result) {
            console.log(result);
        },
                error: function(xhr, resp, text) {
                    console.log(xhr, resp, text);
                }
    });
});

I get the console error....

"Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

Even though I'm using a CORS middleware that allows me to do other requests just fine.

Here's my middleware...

public function handle($request, Closure $next)
    {
        return $next($request)
           ->header('Access-Control-Allow-Origin', '*')
           ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
           ->header('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token');
    }

If I remove the contentType: "application/json" from the javascript so I have this...

$('.form').submit(function(e) {
    e.preventDefault();
    $.ajax({
        url: 'http://subdomain.example.com/api/v1/applications',
        type: 'POST',
        contentType: "application/json",
        dataType: 'json',
        data: $(this).serialize(),
        success: function(result) {
            console.log(result);
        },
                error: function(xhr, resp, text) {
                    console.log(xhr, resp, text);
                }
    });
});

I get the Laravel error message:

Type error: Argument 1 passed to Illuminate\Database\Grammar::parameterize() must be of the type array, string given, called in /home/vagrant/Code/examplesite/vendor/laravel/framework/src/Illuminate/Database/Query/Grammars/Grammar.php on line 665

Not sure exactly what that means, I'm guessing because the contentType isn't JSON which I believe it's required to be for storing data with an API, at least according to the tutorial video I watching. So it seems like the request is allowed as long as I don't convert it to contentType application/json.

Any ideas?

0 likes
3 replies
davielee's avatar

@octoxan can you try adding the following to your Ajax call? As well as putting the content type back to JSON.

$.ajax({
    xhrFields: {
        withCredentials: true
    }
});
octoxan's avatar

@craigpaul Still getting "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource." with that added in.

Do I need some sort of header set on the site thats making the POST request? Right now I have all the headers set on the Laravel site thats receiving the requests.

leemg's avatar

Hi OCTOXAN,

Did you ever get anywhere with this?

I am having a similiar problem. I have an API on a subdomain, I have a form on my site which makes an AJAX request to a PHP API interface, which in turn makes a POST request to my API endpoint via PHP CURL.

I've set up this CORS package https://github.com/barryvdh/laravel-cors, but I get no response from the server.

I'm curious whether you finally got your solution working?

Many thanks

Please or to participate in this conversation.