search

tymondesigns / jwt-auth

🔐 JSON Web Token Authentication for Laravel & Lumen
https://jwt-auth.com
MIT License
11.24k stars 1.55k forks source link

Cors in routes that i apply jwt.auth middleware #1785

Open veronesecoms opened 5 years ago

veronesecoms commented 5 years ago

When i try to make a http request in a middleware group with the jwt.auth i receive:

:9000/#/dash/tipodeprodutos:1 Access to XMLHttpRequest at 'https://api2.jcontrole.com.br/api/notificacoes/gerais' from origin 'http://localhost:9000' has been blocked by CORS policy: Request header field token is not allowed by Access-Control-Allow-Headers in preflight response.

| Bug? yes | Framework | Laravel | Framework version | 5.6 | Package version | Try using "barryvdh/laravel-cors": "^0.9.2", and "tymon/jwt-auth": "^0.5.12" | PHP version | PHP 5.6.36 (cli) (built: Apr 25 2018 16:45:32)

I have this routes without the jwt middleware:

<?php

use Illuminate\Http\Request;

Auth::routes();

//Route::post('login', 'UserController@acessarSistema'); 
Route::post('login', 'UserController@authenticate');

This works normally but when i try to make a http request in a group with the jwt auth i receive cors errors:

$this->group(['middleware' => 'jwt.auth', ['prefix' => 'api']], function() {

      Route::post('admin/tipo-produto', 'TipoProdutosController@create')->name('cadastrar_tipo_produto')->middleware('checarPermissaoTela');

})

I try:

    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
            **\Barryvdh\Cors\HandleCors::class,**
        ],
    ];

I add in Kernel.php the cors package:

    protected $middleware = [
        \Barryvdh\Cors\HandleCors::class,
        \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
        \App\Http\Middleware\TrustProxies::class,

    ];

In cofig/cors.php:

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Laravel CORS
    |--------------------------------------------------------------------------
    |
    | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
    | to accept any value.
    |
    */

    'supportsCredentials' => false,
    'allowedOrigins' => ['*'],
    'allowedOriginsPatterns' => [],
    'allowedHeaders' => ['*'],
    'allowedMethods' => ['*'],
    'exposedHeaders' => [],
    'maxAge' => 0,

];

Also tried put in the public/index.php:

header('Access-Control-Allow-Origin: *');  
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
stale[bot] commented 3 years ago

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.