1

Errors

Access to XMLHttpRequest at 'https://api.domain.com/api/register' from origin 'https://nuxt-app.domain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I am using PHP Laravel for backend API development and Nuxt.js for my frontend application.

Laravel Sanctum Installation

  1. composer require laravel/sanctum
  2. php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
  3. php artisan migrate
  4. In App/Http/Kernel.php to api middleware group, Add Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class
  5. In config/cors.php, set supports_credentials to true
  6. In .env file, add SESSION_DOMAIN=.domain.com and SANCTUM_STATEFUL_DOMAINS=nuxt-app.domain.com
  7. In routes/api.php, Modify Route::middleware('auth:sanctum')

nuxt.config.js

{
modules: [
    '@nuxtjs/axios',
    '@nuxtjs/auth-next'
  ],

axios: {
    credentials:true,
    proxy: true 
  },

proxy: {
    '/api': {
      target: 'https://api.domain.com',
      pathRewrite: { '^/api': '/' }
    }
  },

auth: {
    strategies: {
      laravelSanctum: {
        provider: "laravel/sanctum",
        url: "https://api.domain.com",
        endpoints: {
          login: {
            url: "/api/login",
            method: "POST"
          },
          logout: {
            url: "/api/logout",
            method: "POST"
          },
          user: {
            url: "/api/user"
          }
        },
        user: {
          property: false
        }
      }
    },

    redirect: {
      login: "/login",
      logout: "/login",
      home: "/dashboard"
    }
  },
}

Register.vue

<script>
export default {
  middleware: ["guest"],
  head() {
    return {
      title: "Register",
    };
  },
  data() {
    return {
      form: {
        name: "",
        email: "",
        password: "",
        password_confirmation: "",
      },
      errors: [],
    };
  },
  methods: {
    async register() {
      await this.$axios.get("https://api.domain.com/sanctum/csrf-cookie");
      await this.$axios
        .$post("https://api.domain.com/api/register", this.form)
        .then((response) => {       
          console.log(response);
          this.$router.push("/login");
        })
        .catch((error) => {      
          this.errors = error.response.data.errors;
          console.log(this.errors);
        });
    },
  },
};
</script>

Is there anything else to do? If 'Yes' then, please guide me. Otherwise, Why it's not working on the production server? Does anyone know how to fix this error?

JS TECH
  • 1,556
  • 2
  • 11
  • 27
  • try to clear laravel routes cache – David Jun 23 '21 at 12:55
  • @David not work. – JS TECH Jun 23 '21 at 13:06
  • after all, you reset the cache on the production server? – David Jun 23 '21 at 13:09
  • 1
    Yes, `php artisan optimize:clear` – JS TECH Jun 23 '21 at 13:11
  • You are proxying `/api` in your config but not taking advantage of it in your methods. Trying calling your api with a relative URL following your pathRewrite rule. (i.e. `await this.$axios.get("/api/sanctum...`) – Steve Hynding Jun 25 '21 at 19:23
  • @SteveHynding I got it but till now I can't figure out this issue. Do you know how to get rid of this error? – JS TECH Jun 27 '21 at 02:44
  • When you proxy, you should not be calling `https://whatever.domain` explicitly for your any of your api urls, whether in nuxt config or elsewhere. Honestly, I think a better solution would be to enable CORS for your Laravel API site. I don't have much experience with Laravel but I am confident, given its reputation and community, setting up CORS for its API is relatively easy to lookup (and you wouldn't need to proxy at all). – Steve Hynding Jun 28 '21 at 03:50
  • @SteveHynding Thanks for the reply, now I am at the conclusion that unless I have a `node.js` server, I can't figure out this CORS error because currently, I have a static server. – JS TECH Jun 28 '21 at 14:36
  • I went to the Laravel site and searched CORS. This should lead you to exactly what you need: https://laravel.com/docs/8.x/routing#cors – Steve Hynding Jun 30 '21 at 22:29

0 Answers0