Adding Access-Control-Allow-Origin header response in Laravel 5.3 Passport

by

The simple answer is to set the Access-Control-Allow-Origin header to localhost or *. Here’s how I usually do it:

Create a simple middleware called Cors:

php artisan make:middleware Cors

Add the following code to app/Http/Middleware/Cors.php:

public function handle($request, Closure $next)
{
    return $next($request)
        ->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
}

You can replace the * with localhost or keep it as it is.

Next step is to load the middleware. Add the following line to the $routeMiddleware array in app/Http/Kernel.php.

'cors' => \App\Http\Middleware\Cors::class,

And the final step is to use the middleware on the routes to which you want to set the access origin headers. Assuming you are talking about the new api routes in laravel 5.3, the place to do it is app/Providers/RouteServiceProvider.php, inside the mapApiRoutes() function (you can remove or comment the previous code of the function):

    Route::group([
        'middleware' => ['api', 'cors'],
        'namespace' => $this->namespace,
        'prefix' => 'api',
    ], function ($router) {
         //Add you routes here, for example:
         Route::apiResource('/posts','PostController');
    });

More Related Contents:

  1. How to resolve ‘preflight is invalid (redirect)’ or ‘redirect is not allowed for a preflight request’
  2. Access-Control-Allow-Origin wildcard subdomains, ports and protocols
  3. What is an opaque response, and what purpose does it serve?
  4. How to enable Cross domain requests on JAX-RS web services?
  5. same-origin policy and CORS – what’s the point?
  6. What is the issue CORS is trying to solve?
  7. How to apply CORS preflight cache to an entire domain
  8. Why are CORS requests failing in Microsoft Edge but working in other browsers?
  9. Why is Access-Control-Expose-Headers needed?
  10. Are there any browsers that set the origin header to “null” for privacy-sensitive contexts?
  11. Firebase Storage and Access-Control-Allow-Origin
  12. Access-Control-Allow-Origin error sending a jQuery Post to Google API’s
  13. Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers
  14. Why am I seeing an “origin is not allowed by Access-Control-Allow-Origin” error here? [duplicate]
  15. CORS – How do ‘preflight’ an httprequest?
  16. What security risks exist when setting Access-Control-Allow-Origin to accept all domains?
  17. How can you debug a CORS request with cURL?
  18. Firefox ‘Cross-Origin Request Blocked’ despite headers [closed]
  19. Understanding AJAX CORS and security considerations
  20. API Gateway CORS: no ‘Access-Control-Allow-Origin’ header
  21. What are the integrity and crossorigin attributes?
  22. Cross-Domain AJAX doesn’t send X-Requested-With header
  23. Laravel Passport Scopes
  24. Getting Spotify API access token from frontend JavaScript code
  25. IIS hijacks CORS Preflight OPTIONS request
  26. AWS CloudFront: Font from origin has been blocked from loading by Cross-Origin Resource Sharing policy
  27. Does Wikipedia API support CORS or only JSONP available?
  28. socket.io, ‘Access-Control-Allow-Origin’ error
  29. XMLHttpRequest: Network Error 0x80070005, Access is denied on Microsoft Edge (but not IE)
  30. Angular 2 Spring Boot Login CORS Problems

Leave a Comment