Level 50
You do not need any authorisation in place. Just create your api routes and expose them to the world. You do not need any auth to be in place.
Aug 8, 2019
3
Level 4
Publishing API for non-laravel application, without logging, CORS
Hey. All tutorials I see show how to deal with CORS with JWT and loggin in.
But let's say I want to just publish API for some external application.
I installed https://github.com/barryvdh/laravel-cors
Added app/http/kernel.php in $middleware
\Barryvdh\Cors\HandleCors::class,
Added in VerifyCsrfToken.php
protected $except = [
'api/*'
];
In axios.html
<script src="https://unpkg.com/axios/dist/axios.min.js"></script>
<script type="text/javascript">
axios.post('myapiurl', {
apidata
}).then((res) => console.log(res))
</script>
Still 'has been blocked by CORS policy' error. Run axios.html by http-server
Level 4
I also added in routes/api.php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Origin, Authorization');
Maybe problem is because I run it on localhost?
Level 4
Strange, when I do it on domain everything works, event without barryvdh package, just without anything, but it's not too good too
Please or to participate in this conversation.