Recently, I installed Laravel CORS by barryvdh. While the module appears to be functioning correctly, I am still encountering the Access-Control-Allow-Origin error.
When attempting to make a request to , I receive the error message stating that no 'Access-Control-Allow-Origin' header is present on the resource. This prevents my origin 'http://www.example.com:8000' from accessing it.
Below is a snippet of my Angular code used to execute the function:
var SomeApp = angular.module('SomeApp',['ngResource','ngSanitize'])
SomeApp.factory('SomeAppService', ['$resource', function($resource){
return {
firstActions : $resource(svrid('acns') + '/action/:payload',{payload:'@payload'},
{
'remove': {method:'DELETE',isArray:true, cache:false},
'save' : {method:'POST', isArray:true, cache:false},
'query' : {method:'GET', isArray:true,cache:false},
}, {cache:false}
),
//additional functions here
};
}]);
Upon further investigation into the code, it seems that the expected headers are not being included in the XHR request (see image below).
What could be causing this issue?
Update 1: Upon narrowing down the problem, it seems to be related to barryvdh's laravel-cors utilizing asm89's stack-cors where the config\cors.php may not be properly passed to asm89. Although not entirely sure of the problem, I attempted some manual overrides which allowed the `OPTIONS` method to work when manually passing the array in `config\cors.php` to asm89, but this caused other methods to fail.
Update 2: To address the issue, I manually altered a section under `Asm89\Stack\CorsService` as follows:
private function normalizeOptions(array $options = array())
{
$options += array(
'allowedOrigins' => array('*'),
'supportsCredentials' => true,
'allowedHeaders' => array('*'),
'exposedHeaders' => array('*'),
'allowedMethods' => array('*'),
'maxAge' => 0,
);
// Additional code for normalization
return $options;
}
I also commented out a small section:
public function handlePreflightRequest(Request $request)
{
/*if (true !== $check = $this->checkPreflightRequestConditions($request)) {
return $check;
}*/
return $this->buildPreflightCheckResponse($request);
}
This configuration worked perfectly for preflight `OPTIONS` and `GET` methods, but encountered errors with `POST` and `DELETE` methods, showing the 'Access-Control-Allow-Origin' error message. The response had an HTTP status code of 500.
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com:8000' is therefore not allowed access.
These issues arose after the preflight `OPTIONS` request.