laravel handling the OPTION http method request

Question

I am developing an angularjs app which uses laravel as its back end server. I am having trouble accessing data from laravel since before each GET request, angular first sends an OPTION request as below.

OPTIONS /61028/index.php/api/categories HTTP/1.1 Host: localhost Connection: keep-alive Cache-Control: max-age=0 Access-Control-Request-Method: GET Origin: http://localhost:3501 Access-Control-Request-Headers: origin, x-requested-with, accept Accept: */* Referer: http://localhost:3501/ Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: UTF-8,*;q=0.5 

I have tried to respond this by adding the following code in the before filter

if (Request::getMethod() == "OPTIONS") {     $headers = array(         'Access-Control-Allow-Origin' => '*',         'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS, PUT, DELETE',         'Access-Control-Allow-Headers' => 'X-Requested-With, content-type'     );     return Response::make('', 200, $headers); } 

This creates a response with the headers:

Content-Encoding: gzip X-Powered-By: PHP/5.3.5-1ubuntu7.11 Connection: Keep-Alive Content-Length: 20 Keep-Alive: timeout=15, max=97 Server: Apache/2.2.17 (Ubuntu) Vary: Accept-Encoding access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE Content-Type: text/html; charset=UTF-8 access-control-allow-origin: * cache-control: no-cache access-control-allow-headers: X-Requested-With, content-type 

Although the headers are set, the browser still throws an error

XMLHttpRequest cannot load http://localhost/61028/index.php/api/categories. Origin http://localhost:3501 is not allowed by Access-Control-Allow-Origin. 

I have also tried setting the allow origin to the origin presented in the request header as below

$origin=Request::header('origin'); //then within the headers 'Access-Control-Allow-Origin' =>' '.$origin[0], 

and still the same error What am i doing wrong? Any help is greatly appreciated.

Edit 1

I am currently using a very ugly hack where i over-ride laravels initialization when an OPTIONS request is received. This i have done in the index.php

<?php if ($_SERVER['REQUEST_METHOD']=='OPTIONS') {     header('Access-Control-Allow-Origin : *');     header('Access-Control-Allow-Methods : POST, GET, OPTIONS, PUT, DELETE');     header('Access-Control-Allow-Headers : X-Requested-With, content-type'); }else{ /**  * Laravel - A PHP Framework For Web Artisans  *  * @package  Laravel  * @version  3.2.13  * @author   Taylor Otwell <[email protected]>  * @link     http://laravel.com  */ 

I also had to add the allow-origin header to the before filter.

I know this is not smart but it is my only solution for now

Answer 1

This is with reference to your question regarding the above issue. You did not mention the version of laravel and angularJS. I assume you are using lattest angularJS and Laravel. I also assume, the angular is hosted on http://localhost:3501 and the laravel is hosted on http://localhost Just follow the below steps.

• Put below code block in /public/.htaccess file of laravel

  Header set Access-Control-Allow-Origin "http://localhost:3501" Header set Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS" Header set Access-Control-Allow-Credentials "true" 

• Put below line in config of angular

  $httpProvider.defaults.withCredentials = true; 

Never use * as wild card character. Larvel can not identify the domain for session management. So set http://localhost:3501 as full domain name to Access-Control-Allow-Origin. I think these will help you.