Laravel 6 CORS policy issue with API

Question

Here is what i tried

Middleware

 return $next($request)
        ->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Credentials', 'true')
        ->header('Access-Control-Allow-Headers', 'Origin, Content-Type, Authorization, X-Requested-With, Accept, X-Token-Auth, Application')
        ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');

API route

Route::group(['middleware' => ['cors', 'auth:api']], function() {
Route::options('{any}');
Route::post('user/profile','UserController@profile');

Kernel.php

protected $routeMiddleware = [
    'cors' => \App\Http\Middleware\Cors::class,

But still, I am getting this error in API call from another origin.

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Any reason?

did you find the solution? i can't find the solution. all solutions not working. fed up. I dont want to modify the file bootstrap/app.php — Usama, Sep 09 '21 at 10:34

score 5 · Answer 1 · answered Mar 20 '20 at 08:20

The Easiest Solution Go to bootstrap folder and open app.php file. Then just add these lines at the top of the file. app.php

  header('Access-Control-Allow-Origin: *');
  header('Access-Control-Allow-Methods: *');
  header('Access-Control-Allow-Headers: *');

Another Solution:

      php artisan make:middleware Cors

Now open Cors.php from App\Http\Middleware folder and replace handle() function with this code:

Cors.php

  public function handle($request, Closure $next)
  {
      return $next($request)
          ->header('Access-Control-Allow-Origin', '*')
          ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE,

        OPTIONS')
          ->header('Access-Control-Allow-Headers', 'Content-Type, Authorizations');
  }

Lastly, open Kernel.php from App\Http folder add the below line to the $middleware array:

  protected $middleware = [
      ...
      \App\Http\Middleware\Cors::class,
  ];

Now run the application and call API from anywhere.

The tutorial is over. Thank you.

Answer by MyNotePaper

I think this is Laravel 6 version bug, and this trick work for me — MOAZZAM RASOOL, Nov 19 '22 at 06:51

Parth kharecha · Answer 2 · 2020-01-17T12:59:41.567

2

Require the fruitcake/laravel-cors package in your composer.json and update your dependencies:

composer require fruitcake/laravel-cors

Global usage

To allow CORS for all your routes, add the HandleCors middleware in the $middleware property of app/Http/Kernel.php class:

protected $middleware = [
    // ...
    \Fruitcake\Cors\HandleCors::class,
];

Configuration

php artisan vendor:publish --tag="cors"

Now update the config to define the paths you want to run the CORS service on, (see Configuration below):

config/cors.php

'paths' => ['api/*'],

More details https://github.com/fruitcake/laravel-cors

edited Jan 17 '20 at 12:59

answered Jan 17 '20 at 12:47

Parth kharecha

6,135
4
25
41

HandleCors middleware should be at the top of `$middleware`: https://stackoverflow.com/a/63913814/11792577 – glinda93 Sep 16 '20 at 05:50

Laravel 6 CORS policy issue with API

2 Answers2

Linked