CORS Laravel VueJS

Question

I'm trying to do a get with axios from VueJS to Laravel which is my API.

I got this error :

Access to XMLHttpRequest at 'http://api.test/api/events/1/' from origin >'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control->Allow-Origin' header is present on the requested resource.

Uncaught (in promise) Error: Network Error at createError (createError.js?2d83:16) at XMLHttpRequest.handleError (xhr.js?b50d:87)

I've tried to create a middleware named 'cors' like here but it's not working for me or maybe I'm doing it badly ?

Strange thing ? is that's working with Postman.

Thank for the help ! :)

Did you try the second answer? stackoverflow.com/a/40199615/1308765 — Linus Juhlin
I don't have any file named routes.php but I've tried on api\vendor\symfony\routing\Route.php and on \api\routes\api.php, am I doing it wrongly ? — J. Doe
@J.Doe Never edit anything in vendor. api/routes/api.php is the file to edit - Laravel used to have all routes in routes.php, but it's not split up into web and API versions. — ceejayoz

Adis Azhar Adis Azhar · Accepted Answer · 2019-01-16T14:22:59

Servers are used to host web pages, applications, images, fonts, and much more. When you use a web browser, you are likely attempting to access a distinct website (hosted on a server). Websites often request these hosted resources from different locations (servers) on the Internet. Security policies on servers mitigate the risks associated with requesting assets hosted on different server. Let's take a look at an example of a security policy: same-origin.

The same-origin policy is very restrictive. Under this policy, a document (i.e., like a web page) hosted on server A can only interact with other documents that are also on server A. In short, the same-origin policy enforces that documents that interact with each other have the same origin.

Check this CORS library made for Laravel usage. Installation is easy:

$ composer require barryvdh/laravel-cors
$ php artisan vendor:publish --provider="Barryvdh\Cors\ServiceProvider"

The defaults are set in config/cors.php

return [
     /*
     |--------------------------------------------------------------------------
     | Laravel CORS
     |--------------------------------------------------------------------------
     |
     | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
     | to accept any value.
     |
     */
    'supportsCredentials' => false,
    'allowedOrigins' => ['*'],
    'allowedHeaders' => ['Content-Type', 'X-Requested-With'],
    'allowedMethods' => ['*'], // ex: ['GET', 'POST', 'PUT',  'DELETE']
    'exposedHeaders' => [],
    'maxAge' => 0,
];

allowedOrigins, allowedHeaders and allowedMethods can be set to array('*') to accept any value.

To allow CORS for all your routes, add the HandleCors middleware in the $middleware property of app/Http/Kernel.php class:

protected $middleware = [
    // ...
    \Barryvdh\Cors\HandleCors::class,
];

If you want to allow CORS on a specific middleware group or route, add the HandleCors middleware to your group:

protected $middlewareGroups = [
    'web' => [
       // ...
    ],

    'api' => [
        // ...
        \Barryvdh\Cors\HandleCors::class,
    ],
];

https://www.codecademy.com/articles/what-is-cors

CORS Laravel VueJS

3 Answers