CORS Laravel VueJS

Question

I'm trying to do a get with axios from VueJS to Laravel which is my API.

I got this error :

Access to XMLHttpRequest at 'http://api.test/api/events/1/' from origin >'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control->Allow-Origin' header is present on the requested resource.

Uncaught (in promise) Error: Network Error at createError (createError.js?2d83:16) at XMLHttpRequest.handleError (xhr.js?b50d:87)

I've tried to create a middleware named 'cors' like here but it's not working for me or maybe I'm doing it badly ?

Strange thing ? is that's working with Postman.

Thank for the help ! :)

Answer 1

Servers are used to host web pages, applications, images, fonts, and much more. When you use a web browser, you are likely attempting to access a distinct website (hosted on a server). Websites often request these hosted resources from different locations (servers) on the Internet. Security policies on servers mitigate the risks associated with requesting assets hosted on different server. Let's take a look at an example of a security policy: same-origin.

The same-origin policy is very restrictive. Under this policy, a document (i.e., like a web page) hosted on server A can only interact with other documents that are also on server A. In short, the same-origin policy enforces that documents that interact with each other have the same origin.

---

Check this CORS library made for Laravel usage. Installation is easy:

$ composer require barryvdh/laravel-cors
$ php artisan vendor:publish --provider="Barryvdh\Cors\ServiceProvider"

The defaults are set in config/cors.php

return [
     /*
     |--------------------------------------------------------------------------
     | Laravel CORS
     |--------------------------------------------------------------------------
     |
     | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
     | to accept any value.
     |
     */
    'supportsCredentials' => false,
    'allowedOrigins' => ['*'],
    'allowedHeaders' => ['Content-Type', 'X-Requested-With'],
    'allowedMethods' => ['*'], // ex: ['GET', 'POST', 'PUT',  'DELETE']
    'exposedHeaders' => [],
    'maxAge' => 0,
];

allowedOrigins, allowedHeaders and allowedMethods can be set to array('*') to accept any value.

To allow CORS for all your routes, add the HandleCors middleware in the $middleware property of app/Http/Kernel.php class:

protected $middleware = [
    // ...
    \Barryvdh\Cors\HandleCors::class,
];

If you want to allow CORS on a specific middleware group or route, add the HandleCors middleware to your group:

protected $middlewareGroups = [
    'web' => [
       // ...
    ],

    'api' => [
        // ...
        \Barryvdh\Cors\HandleCors::class,
    ],
];

https://www.codecademy.com/articles/what-is-cors

Answer 2

Tried sending Axios request from Vue app to Laravel backend.

I had CORS Error and I couldn't find the solution.

After following request execution in vendor files I found out that I was simply testing it wrong.

I was testing on url: http://localhost/api, but in config/cors.php there is:

'paths' => ['api/*', 'sanctum/csrf-cookie'],

So all I had to do was to change request to http://localhost/api/... and it started working. Another solution is adding 'api' to paths array in config/cors.php if you want to use http://localhost/api

Answer 3

The problem you are facing is with the same origin policy. you can read about it on the Mozilla site (https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control). it is basally to proven un authorized access to web servers. you can change the way your web server reacts and i also in that link i have included.