search

spatie / laravel-cors

Send CORS headers in a Laravel application
https://spatie.be/en/opensource/laravel
MIT License
603 stars 59 forks source link

Ajax issue Access-Control-Allow-Origin #59

Closed marciofornari closed 4 years ago

marciofornari commented 5 years ago

I need read a csv File with ajax

$.ajax({ headers: { "Access-Control-Allow-Origin": "*" }, method: 'GET', dataType: 'text', url: 'http://localhost/CSVServer/csv/sales.csv', success: function (response) { console.log(response); } })

Show me this error:

Access to XMLHttpRequest at 'http://localhost/CSVServer/csv/sales.csv' from origin 'http://dashboard.local' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The kernel.php is:

protected $middleware = [ \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class, \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, \Spatie\Cors\Cors::class, ];

My cors.php config is default config

`<?php

return [

/*
 * A cors profile determines which origins, methods, headers are allowed for
 * a given requests. The `DefaultProfile` reads its configuration from this
 * config file.
 *
 * You can easily create your own cors profile.
 * More info: https://github.com/spatie/laravel-cors/#creating-your-own-cors-profile
 */
'cors_profile' => Spatie\Cors\CorsProfile\DefaultProfile::class,

/*
 * This configuration is used by `DefaultProfile`.
 */
'default_profile' => [

    'allow_credentials' => false,

    'allow_origins' => [
        '*',
    ],

    'allow_methods' => [
        'POST',
        'GET',
        'OPTIONS',
        'PUT',
        'PATCH',
        'DELETE',
    ],

    'allow_headers' => [
        'Content-Type',
        'X-Auth-Token',
        'Origin',
        'Authorization',
    ],

    'expose_headers' => [
        'Cache-Control',
        'Content-Language',
        'Content-Type',
        'Expires',
        'Last-Modified',
        'Pragma',
    ],

    'forbidden_response' => [
        'message' => 'Forbidden (cors).',
        'status' => 403,
    ],

    /*
     * Preflight request will respond with value for the max age header.
     */
    'max_age' => 60 * 60 * 24,
],

]; `

Where is the problem?

vdbelt commented 5 years ago

I am thinking this issue is not related to this package.

Is the csv file served through a Laravel application?

marciofornari commented 5 years ago

I am thinking this issue is not related to this package.

Is the csv file served through a Laravel application?

Hello, Yes, is a Laravel Application. The laravel version is 5.8

Sorry, but i'm confused. I need enable CORS in my laravel aplication or my backend server?

atymic commented 5 years ago

You can add a screenshot of the headers that laravel is returning on the request from the network tab in chrome?

marciofornari commented 5 years ago

You can add a screenshot of the headers that laravel is returning on the request from the network tab in chrome?

Hello, Thanks! This is header: image

Errors:

image

atta1234 commented 5 years ago

this package is not working with laravel 5.8 i have test it with 6 and worked but not working with 5.8 what's could be the issue

llioor commented 4 years ago

Laravel 6 is not working.. I get: 

   Symfony\Component\Debug\Exception\FatalThrowableError  : Argument 1 passed to Spatie\Cors\Exceptions\InvalidCorsProfile::profileDoesNotExtendDefaultProfile() must be of the type string, null given, called in /var/www/roomizer/api/vendor/spatie/laravel-cors/src/CorsServiceProvider.php on line 23

  at /var/www/roomizer/api/vendor/spatie/laravel-cors/src/Exceptions/InvalidCorsProfile.php:10
     6| use Spatie\Cors\CorsProfile\DefaultProfile;
     7| 
     8| class InvalidCorsProfile extends Exception
     9| {
  > 10|     public static function profileDoesNotExtendDefaultProfile(string $className)
    11|     {
    12|         $defaultProfileClass = DefaultProfile::class;
    13| 
    14|         return new static("The configured cors profile in `{$className}` is invalid. A valid cors profile extends `{$defaultProfileClass}`");

  Exception trace:

  1   Spatie\Cors\Exceptions\InvalidCorsProfile::profileDoesNotExtendDefaultProfile()
      /var/www/roomizer/api/vendor/spatie/laravel-cors/src/CorsServiceProvider.php:23

  2   Spatie\Cors\CorsServiceProvider::boot()
      /var/www/roomizer/api/vendor/laravel/framework/src/Illuminate/Container/BoundMethod.php:32
freekmurze commented 4 years ago

Thank you for reporting this, but we're not going to invest time in a fix.

Laravel 7 introduced native support for CORS. We are going to abandon our package. Please upgrade to Laravel 7.