-
-
Notifications
You must be signed in to change notification settings - Fork 615
The 'Access-Control-Allow-Origin' header contains multiple values #63
Comments
Same issue |
Actually nothing related to the package. It was a wrong usage of the middlewares. This package works like a charm. Thanks. |
Can you update how the middleware usage was wrong,I am facing the same issue and I am using it in this way in my
|
OOO shit, i'm really late right? You are using OAuth right? I hope you not suffered too much with this shit. haha Actually your route is all right. And how the comment is saying:
It is global, so I just took away this line from the array and everything worked. Let us know if it worked or your solution, for sure other people will be interested to know the solution for this "fucking" issue. hahaha. |
This is my middleware and I have added the cors to the route middleware.This is how it looks! I have desabled the csrf token validation and kept it live only for api routes with route middleware
} I have an issue created as I did not get concrete solution from previous threads #74 Please go through as I am still stuck at this |
I got it. That sucks. Could you try to simulate the same request in a only php file (non laravel)? This message happens because in some place of your project or configuration you are running the But first of all, just try to do the tests I said and let us know what will happen to you. |
Yes,you mean at the laravel side right? I already cross checked it. |
Hmmmmm, so, you mean that the Could you try to simulate the request with a pure php file? A post request for example. Then you will know if it is something related to the server or with your application. Good luck =/ |
if I get you right, you mean instead of hitting a route,I place a
I know this is not safe,but I had make it work for obvious reasons. And I guess,if this works it has to be some issue at tbe app level. Correct me if wrong Cheers @marcelorl |
YEP, that is the point. This is something with the APP and not with your server at all. But you said that in your localhost it works smoothly right? Actually I don't recommend you to leave a cors.php file as a final solution and do the request in there, it was just a test. It would be a lot better you have it in your App. Another test that could be done -> a fresh install of laravel (with this package, otherwise you will have a default CORS error ¬¬) in your server, then you will know if it is some configuration that you have done and you dont remember. If, it still does not work, you could considerate to move the website that is pinging in your API to the same host. Thinking in RESTful, the API would be a sub-domain like: http://sachintaware.com/user/2/edit -> requester Maybe I went to far hahaha. Let me know your updates. =) |
Ok,right now the website is on S3 so its already a subdomain calling a subdomain. Fresh install would kill me right now,I will try and debug and keep install as last option. |
Hmmmmm I got it. Np. When you figure out the problem I would love to know what was that. I think that it's ok you leave the test like that, (for a while), just to do more productive things. Good luck again =). |
same issue |
Hi, I would like to share with you how I fixed the same issue and hopefully it will be included in future releases. I'm using laravel 5.2 and the problem is that laravel includes in the response headers the "Access-Control-Allow-Origin" and other headers like "Access-Control-Allow-Credentials", etc. but the CORS library doesn't overwrite them so the final response includes duplicated headers. The fix was creating a middleware with the following lines which removes the laravel default headers before the CORS library sets the right ones:
Then add this middleware to the Kernel.php file, mine looks like this where the HttpHeaders is the middleware I created which contains the above header_remove lines:
It would be great if the CORS library first removes the headers that is setting before it sets the right ones. Thanks, |
Your server must be adding the headers. I found that my nginx config in my docker container had |
If anyone still runs into this issue, here's what happened for me; I found out that I had set the 'Access-Control-Allow-Origin' in 2 different places. Removing the one that was not in my middleware fixed the issue for me. Hope this helps someone! |
I have the same problem here.
My angular application ran on the host
|
this solution resolve to me
|
Well it looks like the first header is probably from this package, the second is added elsewhere (eg valet/Apache/nginx with some config file/.htaccess), or using pho headers yourself. Do you need this package at all? When your remove this package, is 1 of those 2 Allow Origin headers still addded? |
Thanks! I think Valet is adding the additional header. |
@barryvdh You were so right! |
Is that a default config? Or did that come with Valet? |
I have never had to change valet config. This is default valet config. It has been always adding access-control-allow-origin *. |
That was my problem, I had |
Hello guys! Not an issue but little addition. Maybe it will save a lot of time for someone. I had two web-sites with Laravel and Lumen for API and I have encountred same problem after upload them from local environment (locally all was working normally) to dreamhost and I almost gone completely craze because I triple checked everything, until finally found that they have additional .htaccess located not inside web-server documentroot but in user home directory!!! |
I'm using AngularJS App on the client side to access Laravel API hosted on IIS 8.5.It works fine when client is hosted on same domain.But when hosted on different domain it gives following error.
Web.config:
Actual Response header:
Why 'Access-Control-Allow-Origin' echoed twice.
What is the right way to host API on IIS? Do I have to include headers in web.config file.
The text was updated successfully, but these errors were encountered: