SamMakesCode
commented
1 year ago My fellow hair-pullers, here's what I did to fix this.
I had a similar issue that presented this way because it was for me (so far) my only PATCH method and it was triggering a preflight request. In actual fact, my issue was that my request had a trailing /. Once I removed this, it worked. I'm not sure if this is a laravel-cors issue though.
I've also heard about this error occurring when you echo in the controller instead of return response()->json().
CORS is handy when you don't want someone embedding your video on their website. It's useless as a security feature as you can use tools like Insomnia and Postman or even Laravel tests to get around it.
It'd be really nice if the browser exposed an API to javascript that allowed you to forego this "feature".
Before you start
[ ] Update to the latest version by running
composer update fruitcake/laravel-cors[ ] Make sure that Apache/nginx/Valet are NOT also adding CORS headersCheck your config
[ ] Double-check your config file with the version from the repo. Make sure the
pathsproperty is correctly set. Start by allowing as much as possible. [ ] Make sure the middleware is added to the global middleware in your Http Kernel (not group)Clear your caches
Please do these steps again before submitting an issue: [ ] Clear your config cache
php artisan config:clear, route cache (php artisan route:clear) and normal cache (php artisan cache:clear). [ ] Make sure your permissions are setup correctly (eg. storage is writable)Make the request
Open Chrome Devtools to see which requests are actually happening. Make sure you see the actual OPTIONS requests for POST/PUT/DELETE (see https://stackoverflow.com/questions/57410051/chrome-not-showing-options-requests-in-network-tab)
Please show the actual request + response headers as sent by the OPTIONS request and the POST request (when available)