0

0

I am facing issues enabling CORS support for a PHP (laravel) application that is hosted using Google App Engine and the flexible environment.

Every AJAX request using the axios library results in the following error...

Access to XMLHttpRequest at 'https://api.[something].services/request' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Nguyễn Ngọc Lương
  • 3
  • 2

2 Answers2

0

You will most likely need to add:

header('Access-Control-Allow-Origin: *');

The PHP code above indicates that the wildcard character * will allow everybody to make Ajax requests to your web application.

header('Access-Control-Allow-Origin: http://example.com');

The PHP code above indicates that example.com has permission to make cross-domain requests to your web application.

Additionally, I recommend that you take a look at this PHP Laravel package to send Cross-Origin Resource Sharing headers with Laravel middleware configuration.

Also see:

sllopis
  • 2,292
  • 1
  • 8
  • 13
0
runtime: php
env: flex
manual_scaling:
  instances: 1
resources:
  cpu: 4
  memory_gb: 4
  disk_size_gb: 20
runtime_config:
  document_root: public

# Ensure we skip ".env", which is only for local development
skip_files:
  - .env
  - .git
  - /vendor/
  - /node_modules/

env_variables:
  # Put production environment variables here.
  APP_LOG: errorlog
  APP_KEY: [REDACTED]
  APP_NAME: MyApp
  APP_ENV: production
  APP_DEBUG: false
  APP_URL: https://example.com
  CUSTOM_CSS: example.css
  FRONTEND_URL: https://web.example.com

  LOG_CHANNEL: stackdriver
  LOG_SLACK_WEBHOOK_URL: https://hooks.slack.com/services/T011E768GNR/B011E7A307P/CGK4zZwTG1tieLwZ1uTx77

  DB_CONNECTION: mysql
  DB_HOST: 127.0.0.1
  DB_PORT: 3306
  DB_DATABASE: dbname
  DB_USERNAME: root
  DB_PASSWORD: [REDACTED]
  DB_SOCKET: "[REDACTED]"

This is a part of app.yml

This is a part of composer.json

protected $middleware = [
        \App\Http\Middleware\TrustProxies::class,
        \App\Http\Middleware\CheckForMaintenanceMode::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
        \App\Http\Middleware\GaeProxyIp::class,
        \App\Http\Middleware\GaeSetHstsHeader::class,
        \Fruitcake\Cors\HandleCors::class,
    ];

Use Fruitcke\Cors

and cors config im using default

'paths' => ['api/*'],

    /*
    * Matches the request method. `['*']` allows all methods.
    */
    'allowed_methods' => ['*'],

    /*
     * Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com`
     */
    'allowed_origins' => ['*'],

    /*
     * Patterns that can be used with `preg_match` to match the origin.
     */
    'allowed_origins_patterns' => [],

    /*
     * Sets the Access-Control-Allow-Headers response header. `['*']` allows all headers.
     */
    'allowed_headers' => ['*'],

Thanks for your support

sllopis
  • 2,292
  • 1
  • 8
  • 13
Nguyễn Ngọc Lương
  • 3
  • 2
  • Does your App Engine path endpoint starts with `api/` as defined in your code? Have you tried adding the `Access-Control-Allow-Origin` header within your application's code? Also see the following [GitHub issue](https://github.com/fruitcake/laravel-cors/issues/481#issuecomment-701029359). If that does not work, please let me know if moving `\Fruitcake\Cors\HandleCors::class,` to the top of the list in `$middleware` makes any difference and make sure the steps, as mentioned [here](https://stackoverflow.com/a/63913814/7725879). – sllopis Oct 16 '20 at 06:35