Laravel 5.0 Support #24
Comments
Bummer, will look when it's in beta. |
First try, can you check it out: 402de0f You need to add the Middleware manually. |
Hi I tried your steps in setting up on Laravel 5 but no luck, see my configuration below:
Already added in Service provider and Middleware too. Do you have a detail guide for Laravel 5? thanks. |
I have tested the updated code. It is working for GET/OPTION requests. However, when I try POST/PUT/DELETE requests I'm receiving a 302 Found response, and the request is never processed. Does that sound like something it should be doing or perhaps something I'm doing wrong? EDIT: This was on my end. Everything appears to be working perfect. Thanks for the update. |
As a side note Laravel 5 no longer uses config:publish in Artisan, it uses publish:config, just wanted to point that out for anybody having trouble getting it setup until the documentation has been updated. |
Hi, Please provide an example how the package config would get loaded into laravel 5 ConfigServiceProvider? I can't seem to get this right |
my experience is that the config in the config folder is not getting loaded (had some thougts why my rules do not work except on /api 😆 , i edited the config/config.php in the vendor folder which does what i expect. |
You have to load it yourself, using the |
I do not know where the config helper method is, if you referred to the artisan command, i guess that one is gone |
Not sure, something like this? https://github.com/laravel/laravel/blob/develop/app/Providers/ConfigServiceProvider.php
or |
perfect, thanks! |
I'm using this client code ( AngularJS + Restangular ) to make a request to a L5 app API: Restangular.setBaseUrl('http://snapx-server.dev/api');
Restangular.all('user/login').post(credentials).then(function(response) {
console.log(response);
},
function(error)
{
console.error(error);
}); I've installed your package and added middleware manually to Kernel.php ... but I have this error:
This is the configuration that I have used: <?php
return array(
/*
|--------------------------------------------------------------------------
| Laravel CORS Defaults
|--------------------------------------------------------------------------
|
| The defaults are the default values applied to all the paths that match,
| unless overridden in a specific URL configuration.
| If you want them to apply to everything, you must define a path with *.
|
| allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
| to accept any value, the allowed methods however have to be explicitly listed.
|
*/
'defaults' => array(
'supportsCredentials' => true,
'allowedOrigins' => array(),
'allowedHeaders' => array(),
'allowedMethods' => array(),
'exposedHeaders' => array(),
'maxAge' => 0,
'hosts' => array(),
),
'paths' => array(
'api/*' => array(
'allowedOrigins' => array('*'),
'allowedHeaders' => array('*'),
'allowedMethods' => array('*'),
'maxAge' => 3600,
),
'*' => array(
'allowedOrigins' => array('*'),
'allowedHeaders' => array('Content-Type'),
'allowedMethods' => array('POST', 'PUT', 'GET', 'DELETE'),
'maxAge' => 3600,
'hosts' => array('api.*'),
),
),
); Checking "Network" tab on Chrome DevTools I see this 2 requests: OPTIONSPOSTI notice that in the 2° request, the response doesn't have the "Accept-*" headers ... is it right? |
Okay, so I'm going crazy trying to use this in Laravel 5, and I want to make sure I'm not doing anything wrong. Using AngularJS to make the requests, if I make a request without any extra headers, this package works beautifully. As soon as I add a header on (such as Authorization), Chrome / Safari / Firefox decide to do an OPTIONS request ahead of time. I get a 200 response, but without the Access-Control-Allow-Origin which makes the request fail. Any way of getting around that? I've looked and looked and cannot find a solution for this. |
Did you enable |
Yes. This is the configuration I'm using to try and figure this out.
|
It seems that it fails at the OPTIONS preflight request no matter what extra header I add on. It's not limited to only Authorization. |
Hmm perhaps Laravel 5 change the way it handled OPTIONS request. |
It seems like if there is no body, the Access-Control-Allow-Origin does not come back in the OPTIONS request. When I did this inside of the
However, when I added some content, it showed up:
Thoughts? |
Any update? |
The way I got around it was this. It's not great, but it works. There has to be some form of text in the body. A blank body does not work. I put this inside of
Unless someone else has a better idea? |
I'm glad I'm not the only one running into this issue. I can't get any response headers set from my API to my app. I'm using the example config posted above by @cjmaio with my app sitting on Any
I've set up my Kernel.php file like this
FWIW if I go to the api routes directly in the browser I get the correct JSON responses printed into the window, so this is definitely a CORS issue, but I'm actually thinking Laravel might be the cause...maybe Anyone got any further suggestions? |
Okay so, my issue was fixed when I changed my API request path and added a prefix for the domain. Not sure why this fixed the issue but it's working now. However one thing is now the |
Can you guys checkout the |
@barryvdh |
FWIW guys I got mine working totally fine on the old version which still has the middleware. |
can you show how? i mean can you post your setup here? |
Yeah sure, I'm on a dev stack at the moment so all of these are just totally open for now, obviously in production the settings would change. My
For some reason I commented out the entire My
Then, and this was the real fixer, I prefixed my API underneath a route like this
Before I did this nothing worked. I just kept getting CORS errors. Hope this helps. |
It works! Thanks! But, why we need to to comment out Again, thanks for helping out 👍 |
I'm not sure if that middleware was causing issues with CORS...but I didn't need it personally as CSRF is more related to hijacking cookies that are used for Authentication - and I'm using JWTs so it's not really a concern for me. It depends on your project. Again the production config would be totally based on your own use case, but basically just tightening down on allowed origins, the correct response headers etc., |
I just downgrade to 0.4 and it works fine. Something is wrong with post request on 0.5 |
Can confim that downgrading to 0.4 fixed my CORS issues without further changes. I had problems even with GET requests on 0.5, more specifically with the following error message: "Request header field Authorization is not allowed by Access-Control-Allow-Headers." For context's sake, I use Authorization header in order to do a Token-based authentication. |
I've reverted the changes in 0.5, so 0.6.0 should be the same as 0.4, with L5.1 support. |
Hi, I've been having this problem specifically when trying to use CORS in a script tag in Internet Explorer (works fine in other browsers), laravel/framework#2962 (comment) this solution worked for me but I have no idea how/why. |
Hi guys , got a question, ive been doing a restfull app in laravel and im getting an error when i try to update .... PUT http://127.0.0.1:8000/api/task 405 (Method Not Allowed), can someone help? public function update(Request $request, $id)
} |
With the new middleware implementation in Laravel 5.0 this package no longer works.
The text was updated successfully, but these errors were encountered: