Skip to content

Instantly share code, notes, and snippets.

@poul-kg
Last active September 18, 2024 17:32
Show Gist options
  • Save poul-kg/b669a76fc27afcc31012aa0b0e34f738 to your computer and use it in GitHub Desktop.
Save poul-kg/b669a76fc27afcc31012aa0b0e34f738 to your computer and use it in GitHub Desktop.
CORS Rules for Laravel Valet Nginx
# To enable CORS you should add lines with CORS rules below to your valet.conf file
# Find the file /usr/local/etc/nginx/valet/valet.conf - this is Valet conf for Nginx
# of try to execute `locate valet.conf` and find the `valet.coinf` in `nginx` subdirectory
# after you edit your valet.conf do not forget to execute `valet restart`
server {
listen 80 default_server;
root /;
charset utf-8;
client_max_body_size 128M;
location /41c270e4-5535-4daa-b23e-c269744c2f45/ {
internal;
alias /;
# CORS Rules
add_header Access-Control-Allow-Origin *;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization';
# END of CORS Rules #
try_files $uri $uri/;
}
location / {
# CORS Rules
add_header Access-Control-Allow-Origin *;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization';
# END of CORS Rules #
rewrite ^ /Users/pavel/.composer/vendor/laravel/valet/server.php last;
}
access_log off;
error_log /Users/pavel/.valet/Log/nginx-error.log;
error_page 404 /Users/pavel/.composer/vendor/laravel/valet/server.php;
location ~ \.php$ {
# CORS Rules
add_header Access-Control-Allow-Origin *;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization';
# END of CORS Rules #
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/Users/pavel/.valet/valet.sock;
fastcgi_index /Users/pavel/.composer/vendor/laravel/valet/server.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /Users/pavel/.composer/vendor/laravel/valet/server.php;
}
location ~ /\.ht {
deny all;
}
}
@amrography
Copy link

Thanks for sharing!

@Salah-Salem
Copy link

On Ubuntu 19.10 using valet linux v2.1.10, the config is in /etc/nginx/sites-enabled/valet.conf

This managed to fix an error I was having trying to use fetch to grab JSON from a valet site: TypeError: NetworkError when attempting to fetch resource.

thank you it's very helpful

@hofmannsven
Copy link

hofmannsven commented Jul 29, 2021

# CORS Rules
add_header Access-Control-Allow-Origin *;
# END of CORS Rules #

Works for me! 👍

@jamesclavel
Copy link

@hofmannsven which file did you place the code:

# CORS Rules
add_header Access-Control-Allow-Origin *;
# END of CORS Rules #

@hofmannsven
Copy link

@jamesclavel I changed it in the Nginx config file: ~/.config/valet/Nginx/sitename.test

@jamesclavel
Copy link

@jamesclavel I changed it in the Nginx config file: ~/.config/valet/Nginx/sitename.test

Thanks! It's now working!

@prakasharulmani123
Copy link

I have tried this. But it doesn't work for me either.

@ptrollins
Copy link

The above was working but then graphql preflight started failing. Updated to this based on Medium article

        set $cors_origin "*";
        if ($request_method = 'OPTIONS') {
          add_header Access-Control-Allow-Origin $cors_origin always;
          add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE' always;
          add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Cache-Hash' always;
          add_header 'Access-Control-Allow-Credentials' 'true';
          add_header 'Access-Control-Max-Age' 1728000;
          add_header 'Content-Type' 'text/plain charset=UTF-8';
          add_header 'Content-Length' 0;
          return 204;
        }
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        # END of CORS Rules #

It also worked with the following in place of set $cors_origin "*";

set $cors_origin "";

if ($http_origin ~ '^https?://(localhost:8000|sitename\.test)$') {
    set $cors_origin $http_origin;
}

@dmnyk
Copy link

dmnyk commented Feb 24, 2022

@poul-kg This works great for me, thank you. Do you know if it would be possible to somehow put it in the LocalValetDriver.php?

@poul-kg
Copy link
Author

poul-kg commented Mar 10, 2022

@dmnyk I'm not working with PHP for serveral years now, so can't answer your question, sorry.

@Henriquedn
Copy link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment