Today in this laravel cors tutorial we are going to see how to fix access-control-allow-origin problem.
This generally occurs when you are going to send the data over the third party device like android or when working with cross platforms.
I faced this issue multiple number of times when working with vueJS and angular together with laravel as backend. So today we are going to see how to install cors and configure it to fix our problem of cors in our application.
Lets get started
What are we going to do ?
There are two ways of solving this issue :-
- One of them is by using the package from github repo by (barryvdh) and its awesome.
- Secondly,we are going to create our own cors and setup in your application (This is for them who dont want to use package).
Using Laravel Cors by Barryvdh
Package are way easy use and we are going to use laravel cors package by barryvdh. But sometimes beginners like me still get problem in configuring it even through package. So, here you will see the steps that you need to go through while configuring the package.
Fetch the package into your laravel app through commandline by using,
composer require barryvdh/laravel-cors
Once you finished installing it, its time to configure it. We need to make changes into config/app.php and app/Http/kernel.php files.
Go to config/app.php and paste this line,
Barryvdh\Cors\ServiceProvider::class, exactly as image below.
Next step is to make changes in app/Http/kernel.php. Open it and add this \Barryvdh\Cors\HandleCors::class, line as in 3 sections inside kernel.php like in the image below.
Inside protected $middleware section.
Next is to keep inside both web and api section inside protected $middlewareGroups section.
Lastly, in protected $routeMiddleware section we need to register the class'cors' => \Barryvdh\Cors\HandleCors::class,. This also helps to solve class cors does not exist issue in laravel.
Finally, go to back commandline again and type php artisan vendor:publish --provider="Barryvdh\Cors\ServiceProvider".
It will publish the cors and you will find new file named cors.php in your laravel config folder where you can accept and allow the sites that you want to allow to use your apis.
Now if you try to send data over cross platform then, it will work now and will not show access-control-origin issue in your application.
Creating own laravel cors Middleware
Above, we looked towards how to use laravel cors package by barryvdh to solve access-control-origin problem in your app.
But now we will create our own cors class and its middleware to work with without having to use any third party package.
Create new file called Cors.php inside your laravel application app/Http/Middleware directory.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
<?php namespace App\Http\Middleware; use Closure; class Cors { public function handle($request, Closure $next) { $domains = ['http://www.examplesite.com', 'http://www.examplesite2.com']; if(isset($request->server()['HTTP_ORIGIN'])){ $origin = $request->server()['HTTP_ORIGIN']; if(in_array($origin, $domains)){ header('Access-Control-Allow-Origin: '. $origin); header('Access-Control-Allow-Headers: Origin, Content-Type'); } } return $next($request); // ->header('Access-Control-Allow-Origin', '*') // ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); } } |
Now its time to register your newly made cors class into the app/Http/Kernel.php file so that we could use those in our routes.
Add \App\Http\Middleware\Cors::class, inside your protected $middleware section like the image below inside kernel.php.
Finally, its done now you have to use our newly made cors middleware inside your routes. Open routes/api.php and write below line of code and use the middleware.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<?php use Illuminate\Http\Request; /* |-------------------------------------------------------------------------- | API Routes |-------------------------------------------------------------------------- | | Here is where you can register API routes for your application. These | routes are loaded by the RouteServiceProvider within a group which | is assigned the "api" middleware group. Enjoy building your API! | */ Route::post('/cors-sample-test','ApiController@corsTest')->middleware('cors'); ?> |
Its done, you have finally made it. Beside from using package you need to explicitly define middleware in each single routes in your api.php, so i prefer you to use barryvdh cors package for it.
If you have any question or problems mention them in comments.
Leave a Reply