Laravel 403 Error for API that previously worked

Question

as of yesterday, the code below worked. today, however, i had to run a php artisan config:cache command in laravel as i added a package and now my nice ionic app does not want to run connect to anything as i keep getting this 403 error.

the error started after i installed "rap2hpoutre/laravel-log-viewer": "^0.19.1", and cached, but i don't think that has anything to do with it. i was pretty sure my cache was up to date prior to that.

jwt produces the same error.

previously, the app was working without a cors plugin.

it provides me this error locally and on my server (as i had to cache there too).

this error is different than previous errors i have gotten when debugging this.

when i pulled the route http://xxx/api/home normally in chrome - it returns fine... same in postman

Thanks for your help!

THE ERROR

OPTIONS http://xxx/api/home 403 (Forbidden) Failed to load http://xxx/api/home: Response for preflight does not have HTTP ok status.

IONIC

basicGet_no_token(rl){
        console.log('basicGet - ' + this.base_url + rl);
        return new Promise((resolve, reject) => {
            this.http.get(this.base_url + rl, 
                {headers: new HttpHeaders({
                    'Content': 'application/json',
                    'Accept': 'application/json',
                })})
                .subscribe(res => {console.log(res);resolve(res);}, (err) => {this.handleError(err);console.log(err);reject(err);});
        }); 
    }

LARAVEL

Route::group(['middleware' => ['addHeaders']], function () {
    Route::get('home', 'api\WelcomeController@home');
});

class addHeaders
{
    public function handle($request, Closure $next)
    {
    if ($request->getMethod() == "OPTIONS") {
      return response(['OK'], 200)
        ->withHeaders([
          'Access-Control-Allow-Origin' => '*',
          'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE',
          'Access-Control-Allow-Credentials' => true,   
          'Access-Control-Allow-Headers' => 'Origin, Content-Type, X-Auth-Token, authorization, X-Requested-With'
        ]);
    }

    return $next($request)
        ->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE')
        ->header('Access-Control-Allow-Credentials', true)
        ->header('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token, authorization, X-Requested-With');

    }
}

class WelcomeController extends Controller
{
  public function home()
  {
        $r['message']="Welcome!";
    $r['allow']=true;
    $p=compact('r');
    return response()->json($p, 200);
  }
}


class Kernel extends HttpKernel
{

    protected $middlewareGroups = [
          'api' => [
            'throttle:60,1',
            'bindings',
        ],
    ];

    protected $routeMiddleware = [
        'auth'      => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic'  => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings'    => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can'       => \Illuminate\Auth\Middleware\Authorize::class,
        'guest'     => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'jwt'           => \App\Http\Middleware\JWT::class,
        'addHeaders'    => \App\Http\Middleware\addHeaders::class,
      'jwt.auth'    => \Tymon\JWTAuth\Middleware\GetUserFromToken::class,
      'jwt.refresh'   => \Tymon\JWTAuth\Middleware\RefreshToken::class,        
        'throttle'    => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    ];
}

Teoman Tıngır · Answer 1 · 2020-05-19T02:42:41.097

10

This answer may not suit all of you but if you created custom request and forget to authorize method return true you may encounter with this error.

I'm handling with authorization at policies and forget about the requests validation often. Double check when you create custom requests

Note: also note that if you are using policies, you may forgot the map your policy to model in your AuthServiceProvider

edited May 19 '20 at 02:42

answered Apr 11 '20 at 10:57

Teoman Tıngır

2,766
2
21
41

score 4 · Answer 2 · answered Aug 10 '18 at 01:00

As stated in the beginning you are using caches - at least one of them for config.

Some packages do not play well with caching machanisms of Laravel and sometimes you just forget that you are using any caching - you should always keep that in mind!

Therefore don't use any caching in dev (this is my personal preference to not loose time for not existing problems).

And in production, while deploying, you need to make yourself absolutely sure that all caches will get recreated.

These functions might be handfull to you:

php artisan cache:clear

php artisan route:clear

php artisan config:clear

php artisan view:clear

So please check them out...

@FernandoTorres even on shared hosting you sould be able to run these commands via ssh console. If not then this hosting is not sufficient to run your Laravel app. — Bart, Feb 26 '21 at 19:15

score 0 · Answer 3 · answered Aug 10 '18 at 14:41

0

I was able to find a backup copy of my configuration and restore it.

answered Aug 10 '18 at 14:41

Pete

312
2
3
15

score 0 · Answer 4 · answered Nov 03 '21 at 13:16

0

Try to request to Secure URL like; HTTPS://xxxx.yy/endpoint

API generally expects requests with HTTPS. If you use POSTMAN you should be sure about it.

Enjoy your coding!

answered Nov 03 '21 at 13:16

Enver

542
5
7

Laravel 403 Error for API that previously worked

4 Answers4

Linked