CORS header ‘Access-Control-Allow-Origin’ missing for json POST using API

Question

Installed fruitcake/laravel-cors on Laravel 5.8

My testserver uses php artisan serve on 127.0.0.1:8000 using routes/api.php client (nuxt) is running on 127.0.0.1:3000

I'm able to send data to the server using the POSTMAN tool

I've configured fruitcake/laravel-cors

protected $middleware = [
    // ...
    \Fruitcake\Cors\HandleCors::class,
];

and config/cors.php

<?php

return [

    /*
     * You can enable CORS for 1 or multiple paths.
     * Example: ['api/*']
     */
    'paths' => [],

    /*
    * Matches the request method. `[*]` allows all methods.
    */
    'allowed_methods' => ['*'],

    /*
     * Matches the request origin. `[*]` allows all origins.
     */
    'allowed_origins' => ['*'],

    /*
     * Matches the request origin with, similar to `Request::is()`
     */
    'allowed_origins_patterns' => [],

    /*
     * Sets the Access-Control-Allow-Headers response header. `[*]` allows all headers.
     */
    'allowed_headers' => ['*'],

    /*
     * Sets the Access-Control-Expose-Headers response header.
     */
    'exposed_headers' => false,

    /*
     * Sets the Access-Control-Max-Age response header.
     */
    'max_age' => false,

    /*
     * Sets the Access-Control-Allow-Credentials header.
     */
    'supports_credentials' => false,
];

Still getting:

Access to XMLHttpRequest at 'http://127.0.0.1:8000/api/customerFeedbackStore' from origin 'http://127.0.0.1:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

in browser.

What’s the HTTP status code of the response? You can use the Network pane in browser devtools to check. Is it a 4xx or 5xx error rather than a 200 OK success response? — sideshowbarker
– sideshowbarker, Commented Feb 20, 2020 at 1:52
Update the config to define the paths you want to run the CORS service on:'paths' => ['api/*'] — hashbrown
– hashbrown, Commented Feb 20, 2020 at 1:56
This issue have been reported on github. It seems a little complicate. — tatsuya kanemoto
– tatsuya kanemoto, Commented Feb 20, 2020 at 2:12

user3845661 · Accepted Answer · 2020-02-20 14:29:59Z

1

It seems Cors was configured correctly but var_dump() and dd() before the return triggered the message anyway. Also not returning anything causes the cors message..

        var_dump($request);
        dd($request);

return with a json response (as I'm using Json) worked fine. (any other return suggestions?)

        return response()->json([
            'data-received' => true
        ]);

answered Feb 20, 2020 at 14:29

user3845661

Sign up to request clarification or add additional context in comments.

Comments

rodrigovr · Accepted Answer · 2020-02-20 01:57:00Z

0

'paths' must not be empty. You should at least se it to [ '*' ], so it covers every request.

answered Feb 20, 2020 at 1:57

rodrigovr

4542 silver badges7 bronze badges

Collectives™ on Stack Overflow

CORS header ‘Access-Control-Allow-Origin’ missing for json POST using API

2 Answers 2

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

2 Answers 2

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related