1

I'm creating a project with Laravel that will have to connect to my frontend created with react. I hosted the backend on 000webhost but it gives me CORS error when I try to make an api call. I read that for Laravel 10 you no longer use fruitcake/laravel-cors but just have

 \Illuminate\Http\Middleware\HandleCors::class

the app/Http/Kernel.php file. I've already done this but it keeps giving me the same errors. How do I solve it?

Do I need to specify the Middleware in the routes or does it apply automatically?

The error Cross-origin request blocked: Origin match policy does not allow reading remote resource from https://expense-api.000webhostapp.com/api/login. Reason: CORS request failed. Status code: (null).

Improve this question
5
  • Are you using Sanctum ? Commented Oct 16, 2023 at 11:07
  • You wrote: [...] it keeps giving me the same errors. How do I solve it? But what error messages(s) are you referring to? That's vital information for getting help on this site. Please see stackoverflow.com/help/how-to-ask Commented Oct 16, 2023 at 11:54
  • @PsyLogin yes I'm using sanctum Commented Oct 19, 2023 at 7:29
  • @jub0bs sorry, you're right, the error is Cross-origin request blocked: Origin match policy does not allow reading remote resource from expense-api.000webhostapp.com/api/login. Reason: CORS request failed. Status code: (null). Commented Oct 19, 2023 at 7:31
  • Did you check the preflight response in the client? Commented Nov 8, 2023 at 18:33

1 Answer 1

Reset to default
1

There's a file in your config directory called cors.php. In there, you may configure your settings for cross-origin resource sharing | or "CORS" as you please.

Let me share my own copy to guide you through it.

<?php

return [

/*
|--------------------------------------------------------------------------
| Cross-Origin Resource Sharing (CORS) Configuration
|--------------------------------------------------------------------------
|
| Here you may configure your settings for cross-origin resource sharing
| or "CORS". This determines what cross-origin operations may execute
| in web browsers. You are free to adjust these settings as needed.
|
| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
|
*/

'paths' => ['api/*' , 'sanctum/csrf-cookie'],

'allowed_methods' => ['*'],

'allowed_origins' => [
    'your frontend/react/vue app URL here',
    'http://localhost:3000',
    '*'
],

'allowed_origins_patterns' => [],

'allowed_headers' => [':authority:', ':method:', ':path:', ':scheme:','*'],

'exposed_headers' => [],

'max_age' => 0,

'supports_credentials' => false,
];

This is would white list those URLs and solve your CORS problem.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I have verified the above two steps. But the issue is still there. Any idea?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.