Laravel 12 Sanctum + React Vite blocked by CORS policy

Question

I created an app using Laravel 12 + Sanctum and React.

Locally in my laptop my app is working properly then I upload it to a Windows Server (IIS). With the same port 5173 of React and port 82 for the Laravel app. All of my methods (GET, POST, DELETE AND PATCH) have has been blocked by CORS policy No Access Allow Origin errors.

I tried the following.

• installed FruitCake on Laravel 12 but is not compatible.
• allowed_origins to * to cors.php
• Config Clear and Cache
• Edited my Sanctum_domain
• deleting CORS and publish it again

Still nothing is working.

My React App in sending Methods.

    withCredentials: true,
    withXSRFToken: true,
    headers: {
        "Content-Type": "application/json",
        "Accept": "application/json",
    },

config/CORS:

paths' => ['api/*', 'sanctum/csrf-cookie', 'login', 'logout','password-creation','password-reset'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['http://localhost:5173'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,

My env:

SESSION_DOMAIN=127.0.0.1
SANCTUM_STATEFUL_DOMAINS=127.0.0.1:5173
SESSION_DRIVER=cookie

Screenshot of error:

Answer 1

'allowed_origins' => ['http://localhost:5173'],

Try changing to

'allowed_origins' => ['http://127.0.0.1:5173']. 

If you are trying to access the uploaded versions on the server I don't think your allowed origins should be to localhost.