Access to XMLHttpRequest at XXX from orgin in laravel6 and angular 8

0
votes

I use laravel6 and angular 8 I want send POST request in angular project to server by an API but after OPTION request method and give an error in chrome browser:

Access to XMLHttpRequest at 'http://localhost:8000/api/user/register' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I created a middleware in App\Http\Middleware:

public function handle($request, Closure $next)
{
    return $next($request)
        ->header('Access-Control-Allow-Origin', 'http://localhost:4200')
        ->header('Access-Control-Allow-Methods', 'POST, OPTIONS')
        ->header('Access-Control-Allow-Credentials', 'true')
        ->header('Access-Control-Max-Age', '10000')
        ->header('Access-Control-Allow-Headers', 'Content-Type, X-Requested-With');
}

then define middleware in kernel : app/Http/kernel.php

 'cors' => \App\Http\Middleware\Cors::class,

and define route:

Route::group(['prefix' => 'user','middleware' => 'cors'], function () {
  Route::post('login', 'Api\AuthController@login');
  Route::post('register', 'Api\AuthController@register');
  Route::group(['middleware' => 'auth:api'], function(){
    Route::post('getUser', 'Api\AuthController@getUser');
  });
});

But again I get the same Error Please help me solve it

3
phpangularlaravelhttp-headers

3 Answers

0
votes

In first create cors middleware, for example

<?php

    namespace App\Http\Middleware;

    use Closure;

    class Cors
    {
        public function handle($request, Closure $next)
        {
            $headers = [
                'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
                'Access-Control-Allow-Headers'=> 'X-Requested-With, Content-Type, Accept, Origin, Authorization',
                'Access-Control-Allow-Origin' => '*'
            ];

            if($request->getMethod() === 'OPTIONS') {
                // The client-side application can set only headers allowed in Access-Control-Allow-Headers
                return \response('', 200, $headers);
            }

            $response = $next($request);
            foreach($headers as $key => $value)
                $response->header($key, $value);
            return $response;
        }
    }

then add in Http/Kernel.php in array $middleware:

protected $middleware = [
        // other middlewares
        Cors::class
    ];

After it all requests with type OPTIONS will return response 200 with headers.

0
votes

Please try changing "http://localhost:4200" to "*" , 

public function handle($request, Closure $next)
{
    return $next($request)
        ->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Methods', 'POST, OPTIONS')
        ->header('Access-Control-Allow-Credentials', 'true')
        ->header('Access-Control-Max-Age', '10000')
        ->header('Access-Control-Allow-Headers', 'Content-Type, X-Requested-With');
}

And register it at app/Http/kernel.php file.

0
votes

I added my code images for help for you I think I did everything right but my problem is not solved Please check the photos I sent so you may find out I'm wrong

this is my API code

And this is kernel code

I use base service for send POST request in Angular

and I use Interceptor for handle Http error

my error