| <?php namespace App\Providers; | |
| use Illuminate\Support\ServiceProvider; | |
| /** | |
| * If the incoming request is an OPTIONS request | |
| * we will register a handler for the requested route | |
| */ | |
| class CatchAllOptionsRequestsProvider extends ServiceProvider { | |
| public function register() | |
| { | |
| $request = app('request'); | |
| if ($request->isMethod('OPTIONS')) | |
| { | |
| app()->options($request->path(), function() { return response('', 200); }); | |
| } | |
| } | |
| } |
| <?php namespace App\Http\Middleware; | |
| class CorsMiddleware { | |
| public function handle($request, \Closure $next) | |
| { | |
| $response = $next($request); | |
| $response->header('Access-Control-Allow-Methods', 'HEAD, GET, POST, PUT, PATCH, DELETE'); | |
| $response->header('Access-Control-Allow-Headers', $request->header('Access-Control-Request-Headers')); | |
| $response->header('Access-Control-Allow-Origin', '*'); | |
| return $response; | |
| } | |
| } |
Register the CatchAllOptionsRequestsProvider service provider in bootstrap/app.php which will check the incoming request and response successfully if it is an OPTIONS request.
Add the CorsMiddleware to the $app->middleware([ array in bootstrap/app.php which will attach the following CORS headers to all responses:
Thank you so much.
@rgehan solutions works perfectly adding a Middleware. Im Working Lumen 5.4 in vhost (custom domain) and consuming via Angular4 (locahost)
===
UPDATE > @rgehan your solution doesn't work on anonymous function - download method
$app->get('images/covers/{image}', function($image = null){
$path = storage_path().'/app/covers/';
if(file_exists($path . $image)){
return response()->download($path . $image);
}
});
Thanks @rgehan. This modification works well
Thanks @rgehan. You save my life.
Thank you mate!
I had to change my response headers a little to make it works on here. The allowed headers now looks like this
'Access-Control-Allow-Headers' => 'access-control-allow-origin,authorization,content-type'
Thank you so much this really helped me out!
Don't know if anyone had to do the same thing, but I had to do
$app->options('/card', ['middleware' => 'cors', '']);
$app->post('/card', ['middleware' => 'cors', 'uses' => 'CardController@createCard']);
to make it work maybe I missing a step.
hi thanks
It worked for me.
hi vamidi you need to register the middleware in bootstrap/app.php inside the app->middleware.
this is explained in top post.
hi I worked me for get request but for post request it is not working for me.
hi,
if you are using the IIS server by chance you set the HTTP request headers as below
Access-Control-Allow-Origin:*
Access-Control-Allow-Methods: 'HEAD, GET, POST, PUT, PATCH, DELETE'
Access-Control-Allow-Headers: 'Origin, Content-Type, X-Auth-Token';
then everything works fine.
and now POST 404 not found
Thank you.
Thanks @rgehan. You save my life.
@danharper try to update your solution with the @rgehan given
Thanks @danharper.
I'm still concerned about the usage of Service Provider, isn't it meant to be used for registering things instead of handling things?
Cors middleware is working but catchalloptionsprovider is not working and throwing the following error..Somebody,
please help me!!
Wow...Finally... Thanks a lot
It works. Thanks
So This is the perfect solution for me
<?php namespace App\Providers;
use Illuminate\Support\ServiceProvider;
/**
* If the incoming request is an OPTIONS request
* we will register a handler for the requested route
*/
class CatchAllOptionsRequestsProvider extends ServiceProvider {
public function register()
{
$request = app('request');
if ($request->isMethod('OPTIONS'))
{
app()->options($request->path(), function() { return response('', 200); });
}
}
}
<?php
namespace App\Http\Middleware;
use Closure;
class CorsMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
//Intercepts OPTIONS requests
if($request->isMethod('OPTIONS')) {
$response = response('', 200);
} else {
// Pass the request to the next middleware
$response = $next($request);
}
// Adds headers to the response
$response->header('Access-Control-Allow-Methods', 'HEAD, GET, POST, PUT, PATCH, DELETE');
$response->header('Access-Control-Allow-Headers', $request->header('Access-Control-Request-Headers'));
$response->header('Access-Control-Allow-Origin', '*');
// Sends it
return $response;
}
}
$app->middleware([
App\Http\Middleware\CorsMiddleware::class
]);
$app->register(App\Providers\CatchAllOptionsRequestsProvider::class);
Thanks to @danharper and @rgehan
Thanks a lot mate..
thanks @davidnknight @rgehan
You're right, all of this Middleware logic can be placed just in the middleware file and not also in a ServiceProvider.
ref:
https://gist.github.com/danharper/06d2386f0b826b669552#gistcomment-1694593
https://gist.github.com/danharper/06d2386f0b826b669552#gistcomment-2013919
Thanks for summing it up @nusendra
my pleasure bud @choyan
Works for me. Many Thanks. :)
Thanks very much for this
Could you please explain how this solution can possibly be correct? My understanding is that OPTIONS exists in the HTTP standard for a reason. Carelessly stubbing it to a no-op must eventually have Dire Consequences, right?
My solution was creating CorsMiddleware as below:
<?php
/**
* Location: /app/Http/Middleware
*/
namespace App\Http\Middleware;
use Closure;
class CorsMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$headers = [
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Methods' => 'POST,GET,PATCH,PUT,DELETE,OPTIONS',
'Access-Control-Max-Age' => '86400',
'Access-Control-Allow-Headers' => 'Content-Type,API-KEY'
];
if ($request->isMethod('OPTIONS')) {
return response()->json('', 200, $headers);
}
$response = $next($request);
foreach ($headers as $key => $value) {
$response->header($key, $value);
}
return $response;
}
}Then register the middleware with a name in bootstrap/app.php as below:
$app->routeMiddleware([
'cors' => App\Http\Middleware\CorsMiddleware::class
]);Then wrapping required routes between the defined middleware in routes/web.php as below, and adding an additional rule to handle preflight OPTIONS requests:
$router->group(['middleware' => 'cors'], function () use ($router) {
//All the routes you want to allow CORS for
$router->options('/{any:.*}', function (Request $req) {
return;
});
});NOTE
Using Chrome, you can get a more detailed error message than Firefox, which will help you to fix the problem and exactly states why there is no Access-Control-Allow-Origin in the response header. Also, keep in mind that any kind of redirect is not allowed in the preflight request, so make sure you don't have such rule in your .htaccess or any other place.
My solution was creating CorsMiddleware as below:
<?php /** * Location: /app/Http/Middleware */ namespace App\Http\Middleware; use Closure; class CorsMiddleware { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { $headers = [ 'Access-Control-Allow-Origin' => '*', 'Access-Control-Allow-Methods' => 'POST,GET,PATCH,PUT,DELETE,OPTIONS', 'Access-Control-Max-Age' => '86400', 'Access-Control-Allow-Headers' => 'Content-Type,API-KEY' ]; if ($request->isMethod('OPTIONS')) { return response()->json('', 200, $headers); } $response = $next($request); foreach ($headers as $key => $value) { $response->header($key, $value); } return $response; } }Then register the middleware with a name in bootstrap/app.php as below:
$app->routeMiddleware([ 'cors' => App\Http\Middleware\CorsMiddleware::class ]);Then wrapping required routes between the defined middleware in routes/web.php as below, and adding an additional rule to handle preflight OPTIONS requests:
$router->group(['middleware' => 'cors'], function () use ($router) { //All the routes you want to allow CORS for $router->options('/{any:.*}', function (Request $req) { return; }); });NOTE
Using Chrome, you can get a more detailed error message than Firefox, which will help you to fix the problem and exactly states why there is no Access-Control-Allow-Origin in the response header. Also, keep in mind that any kind of redirect is not allowed in the preflight request, so make sure you don't have such rule in your .htaccess or any other place.
I've tried all of the code, and LOL, no one work for me.
I'm still got this error
hello everyone. I have cors middleware in my lumen as above. cors midlleware works normally when i make a request to lumen from my app. however, whenever a function that I need to send mail runs, I get the error "Call to a member function header() on null".
A single file solution with CorsMiddleware.php worked like a charm with Lumen 8.x. The only issue I had that my .htaccess file was not default and was adjusted with the following command:
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
In my case I had to remove these lines to make things work.
Hello everyone again. I solved my error related to this issue. I share my answer with you below.
Due to the middleware structure, it returns and switches to the next request after processing. If an error is encountered after the request middleware has passed and did not return, the return value will be null.
For example, after I pass the request from the cors middleware, I am sending a mail via a event as a result of a series of operations. However, even though I changed the mail blade I sent, the cors middleware response value returns null because the php document created in ~/storage/framework/views does not update, and an error occurs.
I was still having problems, and found that you have to Enable Headers and CORS in Apache