I have just installed Laravel CORS by barryvdh, the module works fine to my knowledge but i seem to be still facing the Access-Control-Allow-Origin error

XMLHttpRequest cannot load http://acns.example.com:8000/status/d6uIlvwwi8PrvQe4kQfufyZ0LlqQqJyGeyJjdC…I4OTYzMTJlYzYyMmMxOTVkNWI5YjNjYzM1MTczNyIsInMiOiI2ZDcwZDg5N2FkOTQxZDFkIn0=. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com:8000' is therefore not allowed access.

below is my angular code to execute the function:

var SomeApp = angular.module('SomeApp',['ngResource','ngSanitize'])
SomeApp.factory('SomeAppService', ['$resource', function($resource){

    return {          
       firstActions : $resource(svrid('acns') + '/action/:payload',{payload:'@payload'},
                {
                    'remove': {method:'DELETE',isArray:true, cache:false},
                    'save' : {method:'POST', isArray:true, cache:false},
                    'query' : {method:'GET', isArray:true,cache:false},
                }, {cache:false}        
        ),

        //some more other functions
    };

 }]);

While further diving into the code, i realize that the supposingly appended headers are not being included in the xhr request (refer image below)

What am I missing here?

Update 1: I slightly narrow down the problem most probably related to barryvdh's laravel-cors that uses asm89's stack-cors where by the config\cors.php is not properly passed to asm89. Not very confident with the problem but i did some manual override which causes OPTIONS to work when i manually pass the array in config\cors.php to asm89 but then on the other hand causes other methods to fail.

Update 2: i tried manually alter a section under Asm89\Stack\CorsService give it a default value like such:

private function normalizeOptions(array $options = array())
    {
            $options += array(
            'allowedOrigins' => array('*'),
            'supportsCredentials' => true,
            'allowedHeaders' => array('*'),
            'exposedHeaders' => array('*'),
            'allowedMethods' => array('*'),
            'maxAge' => 0,
        );
        // Some other codes
        // normalize array('*') to true

        return $options;
    }

and comment out one small section

public function handlePreflightRequest(Request $request)
{
    /*if (true !== $check = $this->checkPreflightRequestConditions($request)) {
    return $check;
    }*/

    return $this->buildPreflightCheckResponse($request);
}

It works perfectly for preflight OPTIONS and GET method but POST and DELETE method will prompt me with an error

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com:8000' is therefore not allowed access. The response had HTTP status code 500.

After the preflight OPTIONS request

You need to add the CORS response headers in the server side.

I was having a similar issue, where all cross-domain AJAX requests would work, expect for POST requests. The POST responses would be missing the 'Access-Control-Allow-Origin' header, but GET and DELETE requests functioned as expected.

It turned out that I had disabled suppression of deprecated warning in php.ini, and by using

$data = Input::json()->all();

in my controller, PHP was throwing a

 PHP Deprecated:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0

warning, followed by a

PHP Warning:  Cannot modify header information - headers already sent

warning.

This meant that my custom headers were never sent. I fixed the problem by simply suppressing the deprecated warnings in php.ini.

The deprecated problem I will have to deal with in the future, but for now it's a functioning workaround to getting POST data from JSON requests in laravel.