I am using Laravel 5 and a library called CORS. I am facing an error that I don't really understand what it is and why it is happening.
I am developing an API that is gonna be used by a website's front-end and an app.
I am trying to do an ajax call to the API:
$.ajax({
url: 'http://myapi.com/call',
type: 'GET',
headers: {'Authorization' : 'Bearer token123'},
crossDomain: true,
contentType: 'application/x-www-form-urlencoded; charset=UTF-8',
success : function(data) { console.log(data);},
error: function(xhr) {console.log(xhr)}
});
However I got this errro:
XMLHttpRequest cannot load http://myapi.com/call. Response for
preflight has invalid HTTP status code 500
However, when I remove the following line from the request works fine.
headers: {'Authorization' : 'Bearer token123'},
EDIT: my config/cors.php
'supportsCredentials' => false,
'allowedOrigins' => ['*'],
'allowedHeaders' => ['*'],
'allowedMethods' => ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
'exposedHeaders' => [],
'maxAge' => 0,
'hosts' => [],
Any idea about how to solve it?
The following fix worked for me (Laravel 5.4)
You can add the following to the laravel cors middleware
public function handle($request, Closure $next)
{
if ($request->getMethod() == "OPTIONS") {
return response(['OK'], 200)->withHeaders([
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE',
'Access-Control-Allow-Credentials' => true,
'Access-Control-Allow-Headers' => 'Authorization, Content-Type',
]);
}
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE')
->header('Access-Control-Allow-Credentials', true)
->header('Access-Control-Allow-Headers', 'Authorization,Content-Type');
}
and for each of your routes which gets preflight requests add a options method too
Route::post('/yourroute', 'YourController@index');
Route::options('/yourroute', 'YourController@index');
Did you configure CORS on server in laravel, there are couple of option to do the same
# one of the way is to add below in .htaccess (modify accordingly)
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
# other options you can refer to below link of laracasts
Source: https://laracasts.com/discuss/channels/requests/laravel-5-cors-headers-with-filters/?page=2
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 女痞 的文章《Laravel 5 CORS - XMLHttpRequest cannot load http:/》','https://www.manongdao.com/article-418618.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}