roxandy's avatar

Weird CORS problem with POST requests - getting desperate now!

Hi, my application has an Angular 5 front end and a Laravel 5.5 backend. I can't get POST (or PUT) requests to work. I've installed the Spatie laravel-cors package. GET requests work fine. The POST requests work fine from Postman, but not from Chrome or Firefox. The error I get in the Chrome console is:

Failed to load http://MYDOMAIN.co.uk/public/api/module/: 
Redirect from 'http://MYDOMAIN.co.uk/public/api/module/' to 'http://MYDOMAIN.co.uk/public/api/module' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.

In Firefox the error is:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://MYDOMAIN.co.uk/public/api/module/. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://MYDOMAIN.co.uk/public/api/module/. (Reason: CORS request did not succeed).

It appears to be trying to '301 redirect' POST requests (although it doesn't seem to specify where to) - but it doesn't seem to do it with Postman.

The Headers list as shown by Chrome is:

General: 
Request URL: http://MYDOMAIN.co.uk/public/api/module/ 
Request Method: POST 
Status Code: 301 Moved Permanently 
Remote Address: xxx.xxx.xxx.xxx:80 
Referrer Policy: no-referrer-when-downgrade

Response Headers: 
Connection: Keep-Alive 
Content-Length: 246 
Content-Type: text/html; charset=iso-8859-1 
Date: Wed, 01 Aug 2018 13:37:51 GMT 
Keep-Alive: timeout=5, max=100 
Location: http://MYDOMAIN.co.uk/public/api/module 
Server: Apache

Request Headers: 
Provisional headers are shown 
Accept: application/json, text/plain, */* 
Content-Type: application/x-www-form-urlencoded 
Origin: http://localhost:4200 
Referer: http://localhost:4200/managemodules 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36

htaccess in the main laravel root folder is:

Options +FollowSymLinks
RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php70” package as the default “PHP” programming language.
AddType application/x-httpd-ea-php70 .php .php7 .phtml
# php -- END cPanel-generated handler, do not edit

htaccess in the public folder is:

Options -MultiViews -Indexes

RewriteEngine On

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

In kernel.php I have the Spatie package:

protected $routeMiddleware = [
    'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'jwt.auth' => 'Tymon\JWTAuth\Middleware\GetUserFromToken',
    'jwt.refresh' => 'Tymon\JWTAuth\Middleware\RefreshToken',
    'cors' => \Spatie\Cors\Cors::class,
];

In the api.php file I have the route defined:

Route::post('module', 'ModuleController@create')->middleware('cors');
Route::get('modules', 'ModuleController@listmodules')->middleware('cors'); 
Route::put('module', 'ModuleController@update')->middleware('cors'); 
Route::delete('module/{moduleid}', 'ModuleController@delete')->middleware('cors');

I'm really pulling my hair out. I've been trying to get this working for days. Can anyone suggest anything? It will be something obvious but I'm so close to it I can't see the wood for the trees.

Thanks

Andy

roxandy's avatar

Salmon - thanks for that, I seem to be following all the advice there. lostdreamer_nl: I think you may be on to something there...

In response to your question, I see an extra request go out before the POST request but it is a GET request (I agree I'd expect OPTIONS) and it gets redirected, too:

Request URL: http://MYDOMAIN.co.uk/public/api/module/
Request Method: GET
Status Code: 301 Moved Permanently
Remote Address: xxx.xxx.xxx.xxx:80
Referrer Policy: no-referrer-when-downgrade

roxandy's avatar

lostdreamer_nl:

You beauty!! That was the problem - the trailing slash was triggering a redirect, and when I tried it in Postman, I (obviously!) didn't put the trailing slash in and so the request went through fine.

I can't believe I didn't see that, I'm just working too closely to the code.

Amazing. You've put a smile on my face (sadly lacking over the past few days!) Thanks a lot! A
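
The failure and fix described in this thread, as an added example (not code from the original posts): a small JavaScript model of the trailing-slash rule in the public .htaccess and of the browser's CORS check on the resulting 301. The function names, the route set and the simplified browser logic are assumptions made for illustration.

```javascript
// Constructed model of the thread's setup; all names here are hypothetical.
const ALLOWED_ORIGIN = 'http://localhost:4200';
const ROUTES = new Set(['POST /public/api/module', 'GET /public/api/modules']);

// Server side: the "Redirect Trailing Slashes" rule runs in Apache, before
// Laravel, so the route's 'cors' middleware never sees the 301 response.
// (Assumes the path is not a directory; Location is modelled as a path.)
function serve(method, path) {
  const m = /^(.+)\/$/.exec(path);               // RewriteCond %{REQUEST_URI} (.+)/$
  if (m) return { status: 301, headers: { Location: m[1] } }; // RewriteRule ^ %1 [L,R=301]
  if (!ROUTES.has(`${method} ${path}`)) return { status: 404, headers: {} };
  // Only a response produced by the Laravel route carries the CORS header.
  return { status: 200, headers: { 'Access-Control-Allow-Origin': ALLOWED_ORIGIN } };
}

// Browser side (simplified): for a cross-origin request, every response in
// the chain, redirects included, must carry a matching allow-origin header.
function browserRequest(method, path, origin) {
  for (let hops = 0; hops < 5; hops++) {
    const res = serve(method, path);
    const acao = res.headers['Access-Control-Allow-Origin'];
    if (acao !== origin && acao !== '*') {
      return { ok: false, blockedAt: path, status: res.status };
    }
    if (res.status !== 301) return { ok: true, status: res.status };
    path = res.headers.Location;                 // follow the redirect
  }
  return { ok: false, blockedAt: path, status: null }; // too many redirects
}

// Client-side fix from the thread: never send the trailing slash.
function stripTrailingSlash(path) {
  return path.replace(/(.)\/+$/, '$1');          // leaves a bare "/" untouched
}

const withSlash = browserRequest('POST', '/public/api/module/', ALLOWED_ORIGIN);
const fixed = browserRequest('POST', stripTrailingSlash('/public/api/module/'), ALLOWED_ORIGIN);
console.log(withSlash, fixed);
```

A client that does not enforce CORS, such as Postman, simply receives whatever `serve` returns, which is why the same endpoint looked healthy there.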
