How to enable cors in web api php or laravel?

Aman Jain,

Cross-Origin Resource Sharing (CORS) is mechanism which allow browser to share the resources between the other domain or port. if the cors is disabled in api or server then other domain can’t access the apis and resource of server.

Example: if a server A wants to access the apis of server B then its impossible until cors is not enable on server B. you will get an error.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource Reason: CORS header ‘Access-Control-Allow-Origin’ missing

how to enable cors in php?

function cors() {
    
    // Allow from any origin
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        // Decide if the origin in $_SERVER['HTTP_ORIGIN'] is one
        // you want to allow, and if so:
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400');    // cache for 1 day
    }
    
    // Access-Control headers are received during OPTIONS requests
    if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
        
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))
            // may also be using PUT, PATCH, HEAD etc
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS");         
        
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']))
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    
        exit(0);
    }
    
    echo "You have CORS!";
}

you can call cors function in header file or in the file which is includes in all files of your project.

How to enable cors in laravel?

  1. Create a middleware using the artisan command or manually in Http/middleware folder
php artisan make:middleware Cors

or you can also create a file in Cors.php in Http/middleware folder and edit the file

<?php

namespace App\Http\Middleware;

use Closure;

class Cors
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        return $next($request)
         ->header("Access-Control-Allow-Origin", "{$_SERVER['HTTP_ORIGIN']}")
        ->header('Access-Control-Allow-Credentials','true')
        ->header('Access-Control-Max-Age', '86400');  ;

    }
}

2. Add the middleware to Http/Kernel.php in $routeMiddleware

protected $routeMiddleware = [
        ......
        'throttle'      => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'cors'          => \App\Http\Middleware\Cors::class, //Cors added
    ];

So, you can use it in your routes with the cors name:

Route::group(['namespace' => 'User', 'middleware' => ['cors'], 'prefix' => 'user'], function () {

});

Laravel cors using the package:

you can also use the package to enable the cors in laravel

https://github.com/fruitcake/laravel-cors

Enable cors plugin in chrome or any browser

We can also disable the security of cors in browser using the chrome extension

https://chrome.google.com/webstore/detail/allow-cors-access-control/lhobafahddgcelffkeicbaginigeejlf?hl=en

hence, this will disable the cors in browser but it’s an temporary solution for cors.

Php Laravel Softwares

Related Posts

Break and Continue statements

Break and continue statements are used to change the flow of program. lets see the difference and usage of both. Break as the name implies it terminate the current loop and execute the next line of code. Continue do not terminate the loop rather then it skip the current iteration…

Read More