laravel-cors
laravel-cors copied to clipboard
fruitcake
CORS doesn't work on Paginated Routes/Request
Hi guys great work on this package!
After following all the guidelines in the doc correctly
I noticed cor headers get populated in regular routes which is normal...
Route::get('/blog/posts/all', 'BlogController@getAllPosts');
// i.e. http://site.com/api/blog/posts/all
but the headers don't get populated in paginated routes
Route::get('/blog/posts/', 'BlogController@getPaginatedPosts');
// i.e. http://site.com/api/blog/post/?page=4 -> This doesn't get loaded with the cor headers.
I have the same issue with ^2.0. I am using the Eloquent paginate in combination with https://github.com/spatie/laravel-query-builder :
$bankProfiles = QueryBuilder::for(BankProfile::class)
->defaultSort("name")
->allowedSorts("name", "postal_code", "city", "approved", "data_completed")
->allowedFilters("name", "postal_code_city", "city")
->paginate($request->query("per_page"));
There are no Error Logs and the following headers are missing:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://frontend.site.test
The strange thing is that it worked before and that it works on my local environment. After I added some features to the application and released it to the staging, it suddenly stoped to work. It took me a while to localize the error source.
Update
If I use simplePaginate instead of paginate, then it works. But it's not an option for me
Update2
Finally I solved the problem! The problem was not with cors, but a problem with the trans pagination.php file (resources/lang/de/pagination.php). I just had it copied and pasted, leaving the first line empty. Exactly this caused an error in the pagination but it didn't display it in the logs.
@barryvdh Sorry this is coming super late.
No errors at all, it just doesn't send the appropriate cors once there's a query string in the url.
Had to set up a CORSMiddleware.php
public function handle(Request $request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE, OPTIONS, post, get')
->header("Access-Control-Max-Age", "3600")
->header('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token')
->header("Access-Control-Allow-Credentials", "true");
}
then in Kernel.php
...
'cors' => [
\App\Http\Middleware\CORSMiddleware::class
],
...
in api.php
Route::group(['namespace' => 'App\Http\Controllers', 'middleware' => ['api', 'cors']], function () { ... });
Hey @stanislavhannes You could do, this. Since I logged the issue I have been doing it this way side-by-side fruitcake/laravel-cors with no issues on several projects now.
@barryvdh Sorry this is coming super late.
No errors at all, it just doesn't send the appropriate cors once there's a query string in the url.
Had to set up a CORSMiddleware.php
public function handle(Request $request, Closure $next) { return $next($request) ->header('Access-Control-Allow-Origin', '*') ->header('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE, OPTIONS, post, get') ->header("Access-Control-Max-Age", "3600") ->header('Access-Control-Allow-Headers', 'Origin, Content-Type, X-Auth-Token') ->header("Access-Control-Allow-Credentials", "true"); }then in Kernel.php
... 'cors' => [ \App\Http\Middleware\CORSMiddleware::class ], ...in api.php
Route::group(['namespace' => 'App\Http\Controllers', 'middleware' => ['api', 'cors']], function () { ... });Hey @stanislavhannes You could do, this. Since I logged the issue I have been doing it this way side-by-side fruitcake/laravel-cors with no issues on several projects now.
This has still not been resolved. I wonder if there's a pull request to fix this already
