1

I'm starting to make an application for myself - on the frontend in React, and the backend in Laravel. I am completely inexperienced in React and am trying to do authentication at this point.

On the backend I am using Laravel Sanctum and Fortify, and on the frontend I tried koole/react-sanctum. And when sending a request I got that

Access to XMLHttpRequest at 'http://localhost:8080/sanctum/csrf-cookie' from origin 'http://localhost:3000/' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.*.

I'm not sure if I need to allow CORS on the backend or frontend side. Maybe anyone have any idea how to solve that or know on which side the problem is.

I used create react app and set in package.json something like this:

"proxy": "http://localhost:8080/"

but unfortunately nothing helped.

zielonyy3
  • 21
  • 1
  • 1
    Backend needs to allow CORS. I don't have much PHP knowledge. But that's the direction to go. In nodejs apps, for example, we would look into packages that enable CORS for certain / or all domains (the fewer whitelisted the better), such as `cors` package. – Morris Nov 13 '22 at 19:47
  • @Morris you was right, it was on the backend. I needed to enable CORS on my nginx. Thank you so much! Your answer speed up solving this. – zielonyy3 Nov 13 '22 at 20:52
  • Does this answer your question? [Laravel 5.1 API Enable Cors](https://stackoverflow.com/questions/33076705/laravel-5-1-api-enable-cors) – steven7mwesigwa Nov 13 '22 at 20:53

0 Answers0