Skip to content

Instantly share code, notes, and snippets.

@drewjoh

drewjoh/Cors.php

Created June 13, 2016 22:47
Show Gist options
  • Save drewjoh/43ba206c1cde9ace35de154a5c84fc6d to your computer and use it in GitHub Desktop.
Save drewjoh/43ba206c1cde9ace35de154a5c84fc6d to your computer and use it in GitHub Desktop.
Download ZIP
Laravel CORS Middleware
Raw
readme.md

CORS stands for Cross-Origin Resource Sharing an is a specification that allow modern browsers to request (and receive) data from a domain other than the one serving the page that made the request.

You're building a site with cool cross domain features, and then you try to make a XHR request, you see the following message in your browser’s console:

XMLHttpRequest cannot load http://site123.local. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://site.local' is therefore not allowed access. The response had HTTP status code 500.

This means your server is not sending back to the client the headers that allow CORS:

1.Access-Control-Allow-Origin 2.Access-Control-Allow-Methods

So we'll make a Laravel Middleware to fix this. (You could also add the proper headers at the Ngnix level).

Create new middleware:

php artisan make:middleware Cors

Then follow the file examples in this gist to make it happen.

See http://enable-cors.org/ for more information.

Raw
Cors.php
<?php // /app/Http/Middleware/Cors.php
namespace App\Http\Middleware;
use Closure;
class Cors {
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
}
}
Raw
Kernel.php
<?php // /app/Http/Kernel.php
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'cors' => \App\Http\Middleware\Cors::class, // <<< add this line
];
Raw
routes.php
<?php
Route::get('', ['middleware' => 'cors', function() {
return 'You did it!';
}]);
@cryptiswap-admin
Copy link

cryptiswap-admin commented May 9, 2022
edited
Loading

Are you able to only add 2 domains without using a wildcard "*" to allow all domains? I mean, what's the point of CORS if you are allowing all origins?

@forwells
Copy link

forwells commented Nov 8, 2024

Laravel 系统自身携带的handlecors中间件仅处理同端口的跨域请求, 如果你使用spa 你猜这种方式是否会继续工作?哈哈

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment