Adding CORS middleware removes token-based authentication

Question

I have followed the accepted answer of this question to allow everyone to request my API providing that they give an auth token.

The code I have is exactly the same that in the answer.

The problem is that it removes the token-based authentication, everyone can send a request yes, but it works even without token. How should I do to have the header access-control-allow-origin → * and also a working authentication system?

Thank you for your help.

score 0 · Answer 1 · answered May 16 '18 at 11:06

0

Add ->header('Authorization', 'Bearer '.$request->header('Authorization')) in the cors middleware.

answered May 16 '18 at 11:06

Prabakaran T

31
7

I can still access my API without authentication. – JacopoStanchi May 16 '18 at 11:38
then Use [Laravel cors Package by barryvdh] (https://github.com/barryvdh/laravel-cors) – Prabakaran T May 16 '18 at 12:12

Adding CORS middleware removes token-based authentication

1 Answers1