The 'Access-Control-Allow-Origin' header has a value that is not equal to the supplied origin error

Question

I get this error:

Access to XMLHttpRequest at 'http://127.0.0.1:8000/api/user' from origin 'http://localhost:8080' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://localhost:8080/*' that is not equal to the supplied origin.

I have create Middleware and nothing changed:

public function handle($request, Closure $next)
{
    return $next($request)
        ->header('Access-Control-Allow-Origin','http://localhost:8080/*')
        ->header('Access-Control-Allow-Methods','POST,PUT,GET,DELETE,OPTIONS')
        ->header('Access-Control-Allow-Headers','Accept,Authorization,Content-Type')
        ->header('Content-Type','application/json');
}

score 0 · Answer 1 · answered Jun 11 '20 at 09:11

0

I am not sure But maybe chorme does not support localhost

Try wildcard * Instead of http://localhost:8080/*

answered Jun 11 '20 at 09:11

void

915
8
20

I changed * Instead of http://localhost:8080/* and get this error: Access to XMLHttpRequest at 'http://blog.test/api/user' from origin 'http://localhost:8080' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. – Jun 11 '20 at 09:25
1

your allow credentials is `true` now to solve this `false` you allowcredetials in frontend – void Jun 11 '20 at 09:44
1

because you are testing it on localhost if it was hosted on a domain you will not get this error... whenever you using `*` off you allowcredentials – void Jun 11 '20 at 09:46

The 'Access-Control-Allow-Origin' header has a value that is not equal to the supplied origin error

1 Answers1

Linked