Skip to main content

Cross-Origin Resource Sharing – Laravel Framework

By
The frontend JavaScript code for a web application served from a domain uses Http Request to make a request for the API in the backend domain. For security reasons, browsers restrict cross-origin HTTP requests initiated within scripts. So how do we resolve it?



The main cause  is because, Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. A web application makes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, and port) than its own origin.





Here is the Solution for this issue:

A web application using those APIs can only request HTTP resources from the same origin the application was loaded from, unless the response from the other origin includes the right CORS headers. The CORS mechanism supports secure cross-origin requests and data transfers between browsers and web servers. Modern browsers use CORS in an API container such as XMLHttpRequest or Fetch to help mitigate the risks of cross-origin HTTP requests.



“In Laravel framework the laravel-cors package allows you to send Cross-Origin Resource Sharing headers with Laravel middle-ware configuration.”




What is laravel-cors? 

Features

  • Handles CORS pre-flight OPTIONS requests
  • Adds CORS headers to your response
Installation
Require the barryvdh/laravel-cors package in composer.json file and update your dependencies:
$ composer require barryvdh/laravel-cors

For Laravel version < 5.5, you also need to add Cors\ServiceProvider to your config/app.php providers array:
Barryvdh\Cors\ServiceProvider::class,

To allow CORS for all your routes, add the HandleCors middleware in the $middleware property of app/Http/Kernel.php class:

protected $middleware = [
//..
\Barryvdh\Cors\HandleCors::class,
];

Configuration
The defaults are set in config/cors.php. Copy this file to your own config directory to modify the values.
Note: When using custom headers, like X-Auth-Token or X-Requested-With, you must set the allowedHeaders to include those headers. You can also set it to array('*') to allow all custom headers
return [
/*
|--------------------------------------------------------------------------
| Laravel CORS
|--------------------------------------------------------------------------
| allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
| to accept any value.

|

    */

    'supportsCredentials' => false,

    'allowedOrigins' => ['*'],
    'allowedOriginsPatterns' => [],
    'allowedHeaders' => ['*'],
    'allowedMethods' => ['*'],
    'exposedHeaders' => [],
    'maxAge' => 0,
];
Labels:

Comments

Post a Comment

Popular posts from this blog

THE SWIFTMAILER INTEGRATION FOR THE YII 2 FRAMEWORK

By
Installation of Swiftmailer The preferred way to install this extension is through composer. Either run below code in composer php composer.phar require --prefer-dist yiisoft/yii2-swiftmailer or add code to the require section of your composer.json. "yiisoft/yii2-swiftmailer": "~2.1.0" Note: Version 2.1 of this extensions uses Swiftmailer 6, which requires PHP 7. If you are using PHP 5, you have to use version 2.0 of this extension, which uses Swiftmailer 5, which is compatible with PHP 5.4 and higher. Use the following version constraint in that case: "yiisoft/yii2-swiftmailer": "~2.0.0" Send Mail via SMTP from Yii2 Basic Open the configuration file /config/web.php and add your email credentials in array element inside components as shown below: <?php $params = require(__DIR__ . '/params.php'); $config = [      //...      'components' => [          'mailer' => [  ...
Post a Comment
Read more

Moving posts from one site to another in WordPress

By
Migrating content from one WordPress site to another is considered a daunting task. Most people resort to copying the content from each of the posts and pages, over to the new site. They would also need to copy details like post author, timestamp and comments. This method will take too long if there are many posts. Also the comments would list the author name as the person who adds it to the new site. Others would probably copy the same from the old database to the new one. This requires some basic technical knowledge about MySQL, and also how WordPress stores its data. We may want to copy the posts from one site to another for various purposes. Either we could have changed the domain, or maybe we have revamped an existing site and need the content to be moved to the new site. It is just two steps away! : Export and Import The solution to this is provided by WordPress itself, and it isn't as scary as you would expect.  WordPress comes with a built-in “Export” tool, and an ...
Post a Comment
Read more

What is Magento?

By
What is E-Commerce? Modern online business nowadays is becoming more and more challenging and more sophisticated. Mobile internet is accessible. Thus online stores are more trendy everywhere. E-Commerce is one of the most trending businesses in the world. E-Commerce, also known as electronic commerce or internet commerce, refers to the buying and selling of goods or services using the internet, and the transfer of money and data to execute these transactions. E-commerce is often used to refer to the sale of physical products online, but it can also describe any kind of commercial transaction that is facilitated through the internet. Whereas e-business refers to all aspects of operating an online business, e-commerce refers specifically to the transaction of goods and services. E-Commerce can take on a variety of forms involving different transactional relationships between businesses and consumers. Since Magento is the flexible and more secure platfo...
Post a Comment
Read more