Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I'm attempting to redirect to Mollie from one of my controllers like so;
return Redirect::away($payment->getRedirectUrl());
However, I constantly get the error message;
Access to XMLHttpRequest at 'https://www.mollie.com/payscreen/CENSORED' (redirected from 'https://domain.test/checkout') from origin 'https://domain.test' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I've got absolutely no clue why this is, and I'm not sure if it's on my end or Mollie's since as always, CORS error messages suck and give 0 context to what is happening.
I've tried using popular packages like; https://github.com/fruitcake/laravel-cors
But no luck.
Hopefully someone can help out.
From where do you call the Redirect::away call in your controller. It sounds to me that you're doing this in your frontend. However, your frontend is not allowed to redirect you. Instead, you need to send the payment url to the frontend and replace the URL or open it in a new tab. A redirect won't work here.
redirect()->to($payment->getRedirectUrl()) should work as well ;) (At leas that is what I use with Mollie)
I'm calling it from within a POST method. AKA The user clicks the pay button, we setup the Mollie payment/transaction, and then return/redirect them to the Mollie payment page.
Tried with the method you provided and still having the same issue. I'm using InertiaJS with Laravel but this redirect code is being run inside my actual Laravel controller so I feel like those other things shouldn't impact it?
But you're running it through InertiaJS which is doing an ajax post request for you in the browser whenever you click on the button. Because of that, you're not allowed to just go to another website.
So the best option then is to reply a JSON response instead and have the frontend handle it? I'm sort of confused as to what I'm supposed to be doing now lol. Ideally I'd like to just disable CORS completely since I think it's one of the most pointless things ever made but I assume that isn't really possible, so I'm not sure how I should be approaching this. :/
I have a new solution to this problem, as seen on the inertiaJS github, they are discussing the best way to create a "external redirect" on inertiaJS, the solution for now is return a 409 status with 'X-Inertia-Location' header informing the url, like this:
return response('', 409)
->header('X-Inertia-Location', $paymentLink);
Where paymentLink is the link you want to send the user to.
SOURCE: https://github.com/inertiajs/inertia-laravel/issues/57#issuecomment-570581851
Edit As said by @22289d now you just need to:
return Inertia::location($url);
@kadusalles To save others a click, in that Github thread there is a new very easy way to do this. Inertia added this method:
return Inertia::location($url);
That's all you need now.
@vertexbuffer try one of the solutions https://stackoverflow.com/a/42172732. For me, the adding trailing slash to the request URL worked
how did you solve that? I'm facing similar issue https://laracasts.com/discuss/channels/laravel/redirects-not-working-no-access-control-allow-origin-header-laravel-inertiajs-and-vue
Please or to participate in this conversation.