Level 60
Make sure XSRF-TOKEN is stored in your browser ( Dev tools -> Storage -> Cookies ), then make sure axios is configured properly
axios.defaults.withCredentials = true
Feb 24, 2026
1
Level 1
Laravel 12 Cors- not working for me?
Apparently CORS just works with Laravel 12, but it doesn't work for me?
Starting from scratch, install/api config:publish cors
'paths' => ['api/*', 'sanctum/csrf-cookie'],
'allowed_methods' => ['*'],
'allowed_origins' => ['localhost:3000', '127.0.0.1:3000'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 600,
'supports_credentials' => false,
Simple routes:
Route::get('/show/{id}', [EmailController::class, 'show']);
Route::post('/search', [EmailController::class, 'search']);
Route::post('/search2', [EmailController::class, 'search2']);
simple app.php, does it need a middleware setup, or is it always there?
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
api: __DIR__.'/../routes/api.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware): void {
//
})
->withExceptions(function (Exceptions $exceptions): void {
//
})->create();
Postman call, works as expected, but as we know, ignores the origins header.
What am I missing?
Thanks for any help. Phil.
Please or to participate in this conversation.