search

francescomalatesta / laravel-api-boilerplate-jwt

A Laravel 5.8 API Boilerplate to create a ready-to-use REST API in seconds.
MIT License
1.17k stars 285 forks source link

PREFLIGHT REQUEST USING OPTIONS METHOD #56

Closed NightravenJames closed 7 years ago

NightravenJames commented 7 years ago

image

NightravenJames commented 7 years ago

As you can see am trying to do a preflight request ,the fixes in the following links havent worked for me:

Bonobomagno commented 7 years ago

i had the same error. If you use json request you will have a preflight request before the true post one. The solution? you need to edit htacces for make apache auto-respond with 204 and request the true request. Of course cors is needed on your server (web server level or php level) if you are usign 2 different domain.

NightravenJames commented 7 years ago

Am implementing the laravel cors that came with the package .Would you mind sending me the configurations you used

Bonobomagno commented 7 years ago 
<IfModule mod_headers.c>

  Header always set Access-Control-Allow-Origin *
  SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
  Header always set Access-Control-Max-Age "1000"
  Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding"
  Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
</IfModule>
<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=204,L]
    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

i'm using this. Ofc i suggest to use specific domain instead of * and use with-credential on request header.

You can do the same with laravel-cors, but i'm not using it for now.

NightravenJames commented 7 years ago

I did the above code on my htaccess file in the public folder. Applied Header set Access-Control-Allow-Origin http://localhots8012 Applied the same settings to my app/cors.php and still getting the same issue from angular .Am debating whether I really need the preflight request in the first place

NightravenJames commented 7 years ago

If you wanna share screen in google hangouts I'd be happy to show you my implementation

Bonobomagno commented 7 years ago

you must chose one of them 2.. and, what type of request are you doing? the header. Sorry, mine are free tips. ask payed support on dingo-api or laravel if you want that type of support.

NightravenJames commented 7 years ago

Thanks works on this site resttesttest.com that utilises jquery but not the front end made from angular js

francescomalatesta commented 7 years ago

Closing this as it seems something related to one (or more) dependencies of this boilerplate, and not to the boilerplate itself.