Closed eduardmartinez closed 8 years ago
Postman sends requests with some Origin
header which is not allowed by your CORS settings. For development purposes you can allow all origins in config/cors-illuminate.php
line 26.
Also detailed logging could be added (it will be included to the next release)
add app/Http/Middleware/CorsMiddleware.php
<?php namespace App\Http\Middleware;
use \Log;
use \Neomerx\Cors\Contracts\AnalysisResultInterface;
use \Neomerx\CorsIlluminate\CorsMiddleware as BaseCorsMiddleware;
class CorsMiddleware extends BaseCorsMiddleware
{
protected function getResponseOnError(AnalysisResultInterface $analysisResult)
{
switch ($analysisResult->getRequestType()) {
case AnalysisResultInterface::ERR_NO_HOST_HEADER:
Log::debug('CORS error: no Host header in request');
break;
case AnalysisResultInterface::ERR_ORIGIN_NOT_ALLOWED:
Log::debug('CORS error: request Origin is not allowed');
break;
case AnalysisResultInterface::ERR_METHOD_NOT_SUPPORTED:
Log::debug('CORS error: request method is not allowed');
break;
case AnalysisResultInterface::ERR_HEADERS_NOT_SUPPORTED:
Log::debug('CORS error: one or more request headers are not allowed');
break;
}
return parent::getResponseOnError($analysisResult);
}
}
change used middleware in app/Http/Kernel.php
line 20
\App\Http\Middleware\CorsMiddleware::class,
Then requests from not allowed origins (e.g. postman) will produce the following in logs
[YYYY-MM-DD HH:MM:SS] local.DEBUG: CORS error: request Origin is not allowed
Thanks, I've applied the middleware and the CORS config and it worked. I have another question. Do you have a JSON API base structure validator in the package?
I use my own basic validator which suits my needs (which is very simple btw) however it's not a part of the project
@lindyhopchris has https://github.com/cloudcreativity/laravel-json-api that provides advanced validation for JSON-API structure however you will need to integrate it on your own
Hi, thanks for this package.
I defined a route like this:
But when I try to test it using Postman, it shows me a 400 Bad Request error and doesn't show an exception or something. It doesn't show anything. Why doesn't it show me an exception message?