Laravel 9 - CORS is not working (Access to XMLHttpRequest has been blocked by CORS policy)
I am trying to build a separated frontend web application using Vuejs and fetching data from Laravel 9 API that I have built, when I try to access the data from the frontend that is the response in the browser console:
Access to XMLHttpRequest at 'http://localhost:8000/api' from origin 'http://127.0.0.1:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
The backend code (Laravel 9)
1- api.php file
<?php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use App\Models\User;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::get('/', function () {
$users = User::all();
return response()->json($users, 200);
});
2- cors.php file (default configurations)
<?php
return [
/*
|--------------------------------------------------------------------------
| Cross-Origin Resource Sharing (CORS) Configuration
|--------------------------------------------------------------------------
|
| Here you may configure your settings for cross-origin resource sharing
| or "CORS". This determines what cross-origin operations may execute
| in web browsers. You are free to adjust these settings as needed.
|
| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
|
*/
'paths' => ['api/*', 'sanctum/csrf-cookie'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => false,
];
The frontend code (Vuejs)
> 1- main.js file (contains vue setup code)import { createApp } from 'vue'
import axios from 'axios'
import VueAxios from 'vue-axios'
import App from './App.vue'
const app = createApp(App)
app.use(VueAxios, axios)
app.mount('#app')
2- Users.vue (component that fetches the data)
<template>
<div class="users">
test
<button @click="getUsers()">Get Users</button>
{{ users }}
</div>
</template>
<script>
export default {
data() {
return {
users: [],
}
},
methods: {
getUsers() {
this.axios.get('http://localhost:8000/api').then((response) => {
// this.users = response;
// console.log(this.users);
console.log(response);
}).catch(err => console.log('error: ' + err));
}
}
}
update: more illustration
I have used a google extension that allow CORS for the browser and the extension add the following headers to response automatically:
a) access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
b) access-control-allow-methods: *
but I think it is not a solution to use an extension as I want to solve the problem for the production not only in the debugging mode
and the following are some screenshots of the response in the browser.
1- CORS error response in the browser
2- number of the header responses before enabling the extension (only 9 headers):
3- details of header responses before enabling the extension (only 9 headers):
4- number of the header responses after enabling the extension ( 11 headers):
5- Details of the header responses after enabling the extension ( 11 headers)
I find a solution for my problem, I was trying to fetch data from http://localhost:8000/api and when I checked cors.php file I find the paths key contains 2 values like the following:
'paths' => ['api/*', 'sanctum/csrf-cookie']
so like I said I was navigating to api path not api/* only so the array should contain a value of the 'api' like the following:
'paths' => ['api/*', 'sanctum/csrf-cookie', 'api']
- How to set the foreign key name in php laravel?
- How do I retrieve results as multidimensional array from mySQL and PHP?
- Disable other checkboxes with specific word when one checkbox with same is checked
- Docker Redis Connection refused
- Get all simple products that have global product attribute brand in WooCommerce
- Ternary Operators. Possible for a one sided action?
- How can I format PHP files with HTML markup in Visual Studio Code?
- RAW POST using cURL in PHP
- PHP: Trigger fatal error?
- In Docker: Fatal error: Uncaught PDOException: SQLSTATE[42S02]: Base table or view not found: 1146 Table 'cinema.movies' doesn't exist in
- Is there a special object initializer construct in PHP like there is now in C#?
- Target class [Spatie\Permission\Middlewares\PermissionMiddleware] does not exist
- Remove characters that aren't letters and numbers, replace space with a hyphen
- dompdf inserts blank page at end of document
- Allow only [a-z][A-Z][0-9] and some symbols in a string
- How do we implement custom API-only authentication in Laravel
- Format code command for PHP/HTML in Visual Studio Code
- How to validate phone number in laravel 5.2?
- Laravel - Rollback specific eloquent transaction after many other transactions committed
- Can I integrate a custom PDO wrapper in Laravel
- Split a delimited string and create single-element associative rows from the values with a static key
- Dollar symbol in eval function php
- return a value from closure to main method
- MySQL storing boolean - 1, 0 , or NULL
- Is it right to use empty() function for checking an object is null?
- Laravel - specify fields returned for collection resource
- How to solve General error: 2006 MySQL server has gone away
- MySQL docker container stuck reloading
- I cannot seem to get my contact form working in HTML/PHP (new to PHP and completely stuck)
- how to get video id from tiktok video url