Laravel 5.7 API with CORS issue

Question

I've already looked at Laravel 5.2 CORS, GET not working with preflight OPTIONS which was helpful to diagnose the issue, but I'm still having issues.

The exact error:

Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response.

It's no longer failing as a result of the access control response, but it's still failing. How would I go about updating this?

Usually this will happen if the route is defined improperly... Have you defined your route for the particular verb you're trying to access? — Michael Miller, Feb 10 '19 at 04:59
Thanks for your help - the error changed. Request header field access-control-allow-origin is not allowed by Access-Control-Allow-Headers in preflight response. — Nathanael, Feb 10 '19 at 05:05
Have a look [here](https://stackoverflow.com/questions/32500073/request-header-field-access-control-allow-headers-is-not-allowed-by-itself-in-pr) and see if that answers your question. — Michael Miller, Feb 10 '19 at 05:09
After solving the previous error thanks to your help I was able to get it working... thanks! — Nathanael, Feb 10 '19 at 05:14
I'm going to post my first comment as the solution, if you wouldn't mind, please mark it as resolved. ;) — Michael Miller, Feb 10 '19 at 05:19

score 1 · Accepted Answer · answered Feb 10 '19 at 05:19

1

Usually this will happen if the route is defined improperly... Check to make sure the route and its verb are properly defined.

answered Feb 10 '19 at 05:19

Michael Miller

399
1
9

Well, this has nothing to do with improper defining of routes. Proper headers need to be sent back to the client browser via a middleware. – nice_dev Feb 10 '19 at 05:51
That's correct, @vivek_23, and the middlewares take care of that part for you if the routes are properly defined. ;) – Michael Miller Feb 11 '19 at 14:51

score 0 · Answer 2 · answered Apr 07 '21 at 04:27

I have experienced this several times where it gives a CORS error yet if I check, the Access-Control-Allow-Headers it is actually present in the preflight response. I noted that Laravel can sometimes return that CORS because of an issue with the controller/model that is involved with that request. I have experienced this 3 times and these were the 3 reasons:

Using a trait in a model when I had not imported the actually trait into the model
Had a typo in the model class definition e.g. class Document implements Filee instead of File
I checked the laravel.log and it had an error that I was not implementing some abstract methods in the a certain model class (this was today, toiled for many hours!!!)

I write this, with examples, in the hope that it can actually help somebody. The issue is difficult to troubleshot given that it just gives a CORS error without much info about what the issue is at the back.

Good luck.

Laravel 5.7 API with CORS issue

2 Answers2