Only some route return No 'Access-Control-Allow-Origin' header is present on the requested resource.

[wilson-young]

I am getting error Access to XMLHttpRequest at 'https://api.com/something' from origin 'https://website.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

but there only happen for 2 routes (until now, I am still testing on it) other routes either get or post didn't return me CORS error

My NGINX didn't put any origin or CORS related. I also installed latest fruitcake 2.0.1 I have checked my own code too in controllers or route there are no problems. I am sure because the same project is deployed at another server with fruitcake 1.0.5 is working fine till now.

[davidquon]

This is similar to how ours is configured too. https://github.com/fruitcake/laravel-cors/issues/477#issuecomment-662146566

Our routes that use GET or POST without setting authentication with a Bearer token in the header for the POST seem okay but the ones that send authentication with a Bearer token show this error.

[wilson-young]

@davidquon I still havent solved this issue yet.

[neacon-ivalkenburg]

getting the same, and it's literally driving me insane.

[davidquon]

In case it helps others https://github.com/fruitcake/laravel-cors/issues/477#issuecomment-664709886. I'm using the 2.0 version on the server.

[barryvdh]

If you're using the Authorization header, you should set credentials to true.

[davidquon]

Thanks @barryvdh as https://github.com/fruitcake/laravel-cors/issues/478#issuecomment-664827785 worked for me. 👏 https://github.com/fruitcake/laravel-cors/issues/477#issuecomment-665166972

[tominal]

Thank you @barryvdh that worked!

Also, for anyone googling, make sure that if you created a custom routes file that you have updated your 'paths' array in the cors.php file. I was scratching my head for a bit then realized.

[wilson-young]

If you're using the Authorization header, you should set credentials to true.

i have try to change credentials to true, but its still not worked and i also dont think that is the problem in my issue because when other request with Authorization is worked

but i found out maybe it will be problem but i havent solved yet too it is the 2 route i got cors error https://api.com/something is calling another api https://api-service.com/something (our team made too. its different service api) using same version of laravel and cors setting will it causing problem, any possible solution to try?

[nbulian]

The same problem here using "laravel-cors", but...

I've tested using my own CORS middleware implementation (the one I'm using in Lumen 6, which is working fine) and I got the same, so this issue is probably related to Lumen and not with this package.

Any suggestions would be appreciated!

Thanks! N

[WPandu]

If you're using the Authorization header, you should set credentials to true.

i have try to change credentials to true, but its still not worked and i also dont think that is the problem in my issue because when other request with Authorization is worked

but i found out maybe it will be problem but i havent solved yet too it is the 2 route i got cors error https://api.com/something is calling another api https://api-service.com/something (our team made too. its different service api) using same version of laravel and cors setting will it causing problem, any possible solution to try?

Hi, have you still this problem? Thank you

[wilson-young]

If you're using the Authorization header, you should set credentials to true.

i have try to change credentials to true, but its still not worked and i also dont think that is the problem in my issue because when other request with Authorization is worked but i found out maybe it will be problem but i havent solved yet too it is the 2 route i got cors error https://api.com/something is calling another api https://api-service.com/something (our team made too. its different service api) using same version of laravel and cors setting will it causing problem, any possible solution to try?

Hi, have you still this problem? Thank you

Yes, i haven't solved this issue yet.

[limitless-brain]

Please, verify if you don't have a query error. I had the same problem and the error was I wrote " Album::all()->paginate(10) " To find if it's really a cors error, return response from the route with any string like 'hello' before any operation.

public function index(Request $request) { return response()->json('hello'); ... }

[Tonykaynoni]

In my case, what caused the issue is that some model doesn't have migration and a database Table which caused some of the query I made within that route to fail, it's strange that Laravel didn't notify me or return any error. I fixed the issue by removing the query to those tables.

[BeatriceThalo]

I was adding custom headers in only some use cases of the endpoint, so was getting this error message:

Access to XMLHttpRequest at 'https://my-production-url' from origin 'http://localhost' has been blocked by CORS policy: Request header field myCustomHeaderProperty is not allowed by Access-Control-Allow-Headers in preflight response.

So when my endpoint received an OPTIONS request, it needed to respond with: 'Access-Control-Allow-Headers': 'Authorization, myCustomHeaderProperty' then the subsequent GET request using the customHeader stopped having the CORS error.

[salasmark]

Please, verify if you don't have a query error. I had the same problem and the error was I wrote " Album::all()->paginate(10) " To find if it's really a cors error, return response from the route with any string like 'hello' before any operation.

public function index(Request $request) { return response()->json('hello'); ... }

It is really strange, it happened to me. Been scratching my head overnight. Laravel did not return any error related to the cause, but the CORS just blows up even it isn't the real cause. No error log too.

Your comment just saved me, thank you! I tried finding the error elsewhere and I knew it the second I added this code: public function index(Request $request) { return response()->json('hello'); ... }

[kareem-torky]

The same issue happened to me. I know that my answer will be a bit weird but it solved the issue for me. I noticed that my API calls (using Axios) which returns CORS error has a trailing "/" in the action URL. So I simply removed the trailing slash and the error was fixed. This didn't work: axios.post("something/") This worked: axios.post("something")

[Mikeonii]

In my case, a certain model is returning Cors error in a browser's console, but 500 in postman. I don't know what causes the issue. I can't find the problem since this worked well on my local server

[Mikeonii]

I figured out other clues. Get and All is not working.

[FatihAraz]

The same issue happened to me. I know that my answer will be a bit weird but it solved the issue for me. I noticed that my API calls (using Axios) which returns CORS error has a trailing "/" in the action URL. So I simply removed the trailing slash and the error was fixed. This didn't work: axios.post("something/") This worked: axios.post("something")

Hoooly sh... This was my mistake. a Fu...ing trailing slash

[placecodex]

The same issue happened to me. I know that my answer will be a bit weird but it solved the issue for me. I noticed that my API calls (using Axios) which returns CORS error has a trailing "/" in the action URL. So I simply removed the trailing slash and the error was fixed. This didn't work: axios.post("something/") This worked: axios.post("something")

you save my day,thanks