Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

superclem's avatar

Getting 403 Forbidden response from cross-domain request.

So, here's the scenario.

I have two domains on my server: domain1.com and domain2.com.

domain1.com is running with PHP 5.6 and is the one requesting access_token from domain2.com. domain2.com is running with PHP 7.1 and is a laravel app with laravel passport implemented for client authorization.

here's the code from domain1.com:

$client = new GuzzleHttp\Client;
$response = $client->post('http://domain2.com/oauth/token', [
    'headers' => [
        'Accept' => 'application/json',
        'Content-type' => 'application/json'
    ],
    'form_params' => [
        'grant_type' => 'client_credentials',
        'client_id' => CLIENT_ID,
        'client_secret' => CLIENT_SECRET,
        'scope' => '*',
    ],
]);

this give me a response of 403 forbidden access. see the full error here.

But when i try it to postman, it works just fine.

Am I missing something here?

0 likes
0 replies

Please or to participate in this conversation.