CORS fails when sending URL query string in GET request

diegocam commented 3 years ago

Im working locally. Trying to make a simple ajax GET request from frontend app to my Laravel API, but the request fails with a CORS error: Origin is not allowed by Access-Control-Allow-Origin

I am sending the request fromhttps://local.myapp.com/ to

https://api-local.myapp.com:8085/customers?supplierId=1

However if I remove the URL query string ?supplierId=1 then no errors occur. Please help me understand what im doing wrong or if theres a bug with this package.

This is what Chrome Dev Tools show me:

GENERAL
Request URL: https://api-local.myapp.com:8085/customers?supplierId=1
Referrer Policy: strict-origin-when-cross-origin

RESPONSE HEADERS
HTTP/1.1 500 Internal Server Error
Server: nginx/1.10.3
Date: Thu, 03 Jun 2021 06:03:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.15

REQUEST HEADERS
GET /customers?supplierId=1 HTTP/1.1
Host: api-local.myapp.com:8085
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
Accept: */*
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Origin: https://local.myapp.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://local.myapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

I made sure to clear all caches (routes, config, app)

I made sure cors.php wasnt messed with

'paths' => ['*', 'sanctum/csrf-cookie'],

'allowed_methods' => ['*'],

'allowed_origins' => ['*'],

'allowed_origins_patterns' => [],

'allowed_headers' => ['*'],

'exposed_headers' => [],

'max_age' => 0,

'supports_credentials' => false,

I made sure that the middleware is set correctly in the global middleware in app/Http/Kernel.php
```
protected $middleware = [
    ...,
    \Fruitcake\Cors\HandleCors::class,
    ...,
]
```
I made sure that Nginx is not setting any cors rules.
Im using the latest version set in composer as "fruitcake/laravel-cors": "^2.0", but updated to 2.0.4.

susantp commented 3 years ago

same problem I am facing.

arnav-zek commented 2 years ago

I am facing the same problem

arnav-zek commented 2 years ago

I solved this problem by switching from Query parameters to Route parameters

https://laravel.com/docs/9.x/routing#route-parameters

arminkardovic commented 1 year ago

Any other solution too keep query params ?

fruitcake / laravel-cors

CORS fails when sending URL query string in GET request #534