-1

I've created a html widget that includes a script that people can fill the form and the script will send a request on my end. Now the request will be sent to a Laravel project and the project in which it is configured is a simple html bootstrap template. I'm having an issue while sending a POST request. It says CORS policy issue. If I try to pass datatype as jsonp, I get the request but since I'm trying to pass card information in that to a payment gateway from my controller, it should be secured. Any solution?

$.ajax({
              url: "url",
              method:'POST',
              type: 'POST',
              data: {
                  'amount':total_amount,
                  'customer_name':customer_name,
                  'customer_email':customer_email,
                  'customer_phone':customer_phone,
                 'card_number': card_number,
                 'card_expiry': card_expiry_date,
                 'cvc': card_cvc
              },
              success: function(result){
                 console.log('test');
              }});

Route::post('/checkout-post', 'CheckoutController@checkout')->name('checkout-post')->middleware('cors');

public function handle($request, Closure $next) { return $next($request) ->header('Access-Control-Allow-Origin', '*') ->header('Access-Control-Allow-Methods', 'GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS') ->header('Access-Control-Allow-Headers', 'Content-Type, Authorization'); }

Syed Saad Ahmed
  • 31
  • 2
  • you have to adjust your service, not your client code. – Daniel A. White May 12 '20 at 00:18
  • https://github.com/fruitcake/laravel-cors – Phil May 12 '20 at 00:18
  • @DanielA.White I've set my route as a POST route. I even created a middleware CORS and pass this route in the except array of VerifyCsrfToken.php so it can surpass the verification issue. Still same issue. – Syed Saad Ahmed May 12 '20 at 00:30
  • 1
    then show your code of that side and the request/response. – Daniel A. White May 12 '20 at 00:31
  • Route::post('/checkout-post', 'CheckoutController@checkout')->name('checkout-post')->middleware('cors'); this is my route for that. I'm using a cors middleware for this which I've made and registered in the Kernel.php file as well. – Syed Saad Ahmed May 12 '20 at 00:35
  • @Phil I don't think so. I applied the solutions. – Syed Saad Ahmed May 12 '20 at 00:38
  • Please [edit your question](https://stackoverflow.com/posts/61741597/edit) when adding more detail. Code does not belong in the comments section – Phil May 12 '20 at 00:39
  • There is more to handling CORS requests than just a couple of `Access-Control-Allow-*` headers. You also need to handle pre-flight `OPTIONS` requests which is why you should use one of the published middlewares like the one in my first comment above – Phil May 12 '20 at 00:40
  • @Phil I just did. Thank you. Won't adding it under a middleware should resolve the issue that surpass the CSRFToken thing? – Syed Saad Ahmed May 12 '20 at 00:42
  • You need to add the CSFR token to your request. The duplicate answers marked that closed this question are hacks and can create security vulnerabilities by disabling cors. – jeremykenedy May 12 '20 at 02:09
  • You need to add it your request something similar to here: https://engageinteractive.co.uk/blog/csrf-protection-with-ajax-and-laravel – jeremykenedy May 12 '20 at 02:10

1 Answers1

-2

stackoverflow.com/questions/57808199/… Its resolved by this solution. They were missing one step of not registering the created middleware inside Kernel middleware array. It's working fine. Thank you.

Syed Saad Ahmed
  • 31
  • 2