Access-Control-Allow-Origin missing only in firefox :(

[abiradak]

Hi! i am getting this issue only in firefox . I don't have much knowledge just asking is the setup good enough , OPTIONS request is getting 404 Error: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://some.in/api/admin/test. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://some.in/api/admin/test. (Reason: CORS request did not succeed) cors.php:

return [
    'paths' => ['api/*'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['*'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];

kernel.php

protected $middleware = [
        \App\Http\Middleware\TrustProxies::class,
        \App\Http\Middleware\CheckForMaintenanceMode::class,
        \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
        \App\Http\Middleware\TrimStrings::class,
        \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
        //\App\Http\Middleware\Cors::class,
        \Fruitcake\Cors\HandleCors::class,
        
    ];

  
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
           // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

    ];

   
    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
        //'cors' => \App\Http\Middleware\Cors::class,
    ];

    protected $middlewarePriority = [
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\Authenticate::class,
        \Illuminate\Routing\Middleware\ThrottleRequests::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \Illuminate\Auth\Middleware\Authorize::class,
    ];

api.php

Route::post('admin-login','CustomLogin@userLogin');
    Route::post('admin/login','CustomLogin@betUserLogin');
    Route::get('logout/{type}','CustomLogin@logOut')->middleware('auth:api');
    Route::group(['prefix' => 'admin/','middleware' => 'auth:api'], function() {
        Route::post('list-user','Admin\AdminController@userList');
    });

[barryvdh]

but does the route exist?

[abiradak]

Sometimes its getting 200 Sometimes 404

[barryvdh]

Which version of fruitcake/laravel-cors are you using? Are you on the latest 2.x version? If not, can you upgrade?

It seems you're using Cloudflare?

[abiradak]

I am using 2.0 version of fruitcake/laravel-cors ! Can the Cloudflare is the reason of this 443 port ?? Though its perfectly working on other browsers.. i dont have much idea about server!

[barryvdh]

Cloudflare should Vary on the Origin header, so not sure if it's getting old responses

[kieuminhcanh]

For somebody who use Windows 10 Maybe fixed.

This is a intel graphics card software related issue on windows 10.

How to fix:

In windows, go to: Start menu Type: Services: Find the service called: "Intel(R) Graphics Command Center Service" Right click > Properties > Startup type = Disabled This fixed the problem for me.. :-)

[barryvdh]

Can you try with the latest 2.0.1 version?

[silasbuchwald]

I am getting the same problem like @abiradak with the latest version (2.0.1) in Firefox. In Chrome i am getting another problem: GET http://localhost/api/posts net::ERR_CONNECTION_REFUSED

[barryvdh]

That's not the same error?

[silasbuchwald]

In Firefox I am getting the same Error: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost/api/posts. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)

And in Chrome this Error: GET http://localhost/api/posts net::ERR_CONNECTION_REFUSED

[barryvdh]

Well is your API working correctly? Maybe you get an actual error?

[silasbuchwald]

Yes, the API is completly working. If I am visiting the site "http://localhost/api/posts" directly, i am getting the data..

[mathiaswillburger]

@silasbuchwald I was facing the exact same issue with Firefox. All other browsers were working fine. I could discard an API issue as - like in your case - the API is working completely fine when fetching data with any other source than Firefox. I was finally able to solve it by changing a Firefox setting. I hope this helps.

This is my setup:

• My local development environment is running on http://localhost:3000 and my API on http://api.localhost/api.
• I was getting the error Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://api.localhost/api/test. (Reason: CORS request did not succeed).. Additionally I got TypeError: NetworkError when attempting to fetch resource..

To solve the issue I did the following:

• Open Firefox and type about:config in the URL field.
• Search for network.dns.native-is-localhost. For me the setting was false, which seems to be the Firefox default. Change this to true

After performing the last step the application works like a charm also in Firefox. No API code change needed.

[mathiaswillburger]

Just recognized that this setting had an unwanted side effect for Firefox: now all non-localhost pages throw an error :-(. I guess for now I will just switch between the settings when testing with Firefox. If anybody figures out how to resolve this, let me know.

[ultrono]

It's working here locally, using Firefox for myself. Within the allowed origins key I had to append the local url and protocol.

The following worked:

'allowed_origins' => ['https://site.test']

[wanda-madikana-sage]

It's working here locally, using Firefox for myself. Within the allowed origins key I had to append the local url and protocol.

The following worked:

'allowed_origins' => ['https://site.test']

This helped, thanks Ultrono. Had to set allowed_origins = true

[sprklinginfo]

I have the same issue with Firefox. works with Chrome. I am using v2.0.1. I added my virtual domain like 'allowed_origins' => ['https://site.test'], but it doesn't solve the issue.