CORS Rules for Laravel Valet Nginx

valet.conf

# To enable CORS you should add lines with CORS rules below to your valet.conf file
# Find the file /usr/local/etc/nginx/valet/valet.conf  - this is Valet conf for Nginx
# of try to execute `locate valet.conf` and find the `valet.coinf` in `nginx` subdirectory
# after you edit your valet.conf do not forget to execute `valet restart`

server {
    listen 80 default_server;
    root /;
    charset utf-8;
    client_max_body_size 128M;

    location /41c270e4-5535-4daa-b23e-c269744c2f45/ {
        internal;
        alias /;
        # CORS Rules
        add_header Access-Control-Allow-Origin *;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization';
        # END of CORS Rules #
        try_files $uri $uri/;
    }

    location / {
        # CORS Rules
    	add_header Access-Control-Allow-Origin *;
    	add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE';
	    add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization';
        # END of CORS Rules #
        rewrite ^ /Users/pavel/.composer/vendor/laravel/valet/server.php last;
    }

    access_log off;
    error_log /Users/pavel/.valet/Log/nginx-error.log;

    error_page 404 /Users/pavel/.composer/vendor/laravel/valet/server.php;

    location ~ \.php$ {
        # CORS Rules
    	add_header Access-Control-Allow-Origin *;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization';
        # END of CORS Rules #
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/Users/pavel/.valet/valet.sock;
        fastcgi_index /Users/pavel/.composer/vendor/laravel/valet/server.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /Users/pavel/.composer/vendor/laravel/valet/server.php;
    }

    location ~ /\.ht {
        deny all;
    }
}

I have tried this. But it doesn't work for me either.

The above was working but then graphql preflight started failing. Updated to this based on Medium article

        set $cors_origin "*";
        if ($request_method = 'OPTIONS') {
          add_header Access-Control-Allow-Origin $cors_origin always;
          add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, OPTIONS, DELETE' always;
          add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Cache-Hash' always;
          add_header 'Access-Control-Allow-Credentials' 'true';
          add_header 'Access-Control-Max-Age' 1728000;
          add_header 'Content-Type' 'text/plain charset=UTF-8';
          add_header 'Content-Length' 0;
          return 204;
        }
        add_header 'Access-Control-Allow-Origin' $cors_origin always;
        # END of CORS Rules #

It also worked with the following in place of set $cors_origin "*";

set $cors_origin "";

if ($http_origin ~ '^https?://(localhost:8000|sitename\.test)$') {
    set $cors_origin $http_origin;
}

@poul-kg This works great for me, thank you. Do you know if it would be possible to somehow put it in the LocalValetDriver.php?

@dmnyk I'm not working with PHP for serveral years now, so can't answer your question, sorry.

https://serverfault.com/a/1111789/964508