Menu
I am writing an API, and using Laravel 4 to achieve that. My api is at a different domain. lets assume that it is: http://api-example.com/
And when i try to make ajax requests via Backbone to my api from my web-app (i.e mydomain.com) with basic authentication, it sometimes works just fine, but sometimes it doesn't. I am trying to figure out why. Below are my App::before filter and App::after filter.
App::before(function($request)
{
if($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
$statusCode = 204;
$headers = [
'Access-Control-Allow-Origin' => 'http://mydomain.com',
'Allow' => 'GET, POST, OPTIONS',
'Access-Control-Allow-Headers' => 'Origin, Content-Type, Accept, Authorization, X-Requested-With',
'Access-Control-Allow-Credentials' => 'true'
];
return Response::make(null, $statusCode, $headers);
}
});
And my after filter:
App::after(function($request, $response)
{
$response->headers->set('Access-Control-Allow-Origin', 'http://mydomain.com');
$response->headers->set('Allow', 'GET, POST, OPTIONS');
$response->headers->set('Access-Control-Allow-Headers', 'Origin, Content-Type, Accept, Authorization, X-Requested-With');
$response->headers->set('Access-Control-Allow-Credentials', 'true');
return $response;
});
The thing is when i try to make a post request to /login with the credentials, API checks the db and gets the API key for the user. This is just working fine. But when i try to make a POST request to /users chrome just gives me following error:
XMLHttpRequest cannot load http://api-example.com/users. Origin http://mydomain.com is not allowed by Access-Control-Allow-Origin.
I tried everything, such as setting Access-Control-Allow-Origin to '*' everything i could be able to find from internet. But nothing worked so far. I don't know what i should do.
548
The simplest method to enable CORS is to add Access-Control-Allow-Origin:* to the response header from WEB servers, which allows CORS from any source. If you want to limit the source, you should specify the domain in the configuration such as Access-Control-Allow-Origin:https://hogehoge.com .
A new file (config/cors. php) should be added to your config folder. This file should contain default configurations for CORS. You can use the default configuration or tweak it however you wish.
Laravel CORS Middleware. readme.md. CORS stands for Cross-Origin Resource Sharing an is a specification that allow modern browsers to request (and receive) data from a domain other than the one serving the page that made the request.
There is a mistake in the header name.
header('Allow', 'GET, POST, OPTIONS'); // This is wrong.
header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS'); // This is right.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
