laravel-cors icon indicating copy to clipboard operation
laravel-cors copied to clipboard

Published 20 hours ago verified publisher icon fruitcake

Why was group-based middleware support removed?

Open kirkbushell opened this issue 4 years ago • 15 comments

I currently have a use-case where I have an api.domain not /api setup. And I do not want to have to open up my entire application just to support the api requests.

Is there a way to support this currently, perhaps by filtering by domain somehow? If not, I'm really curious why group-based middleware support was removed =\ It would have handled my use-case perfectly.

kirkbushell avatar Feb 03 '21 23:02 kirkbushell

I concur.

We have multiple different sites poking our API endpoints. A series of middleware must run in sequence (configured as a group of middlewares), that detects the site, amongst other things. Only after some middlewares run that HandleCors should run, as it requires context to, for instance, dynamically set the allowed_origins.

What is the alternative, if any ?

ftrudeau-pelcro avatar Feb 07 '21 17:02 ftrudeau-pelcro

Hey @barryvdh, any plan to reinstate support for group-based middleware any time soon ? Thanks for the package btw ;)

ftrudeau-pelcro avatar Feb 19 '21 14:02 ftrudeau-pelcro

Would appreciate feedback @barryvdh

ftrudeau-pelcro avatar Mar 06 '21 15:03 ftrudeau-pelcro

I think it would work in a group, but you want different options?

barryvdh avatar Mar 06 '21 16:03 barryvdh

I think it would work in a group, but you want different options?

What kind of options? This used to be part of group middleware, which allows you to group routes together nicely for CORS support, which we can no longer do.

kirkbushell avatar Mar 09 '21 07:03 kirkbushell

What kind of options? This used to be part of group middleware, which allows you to group routes together nicely for CORS support, which we can no longer do.

I concur.

ftrudeau-pelcro avatar Mar 09 '21 13:03 ftrudeau-pelcro

What kind of error do you het when using it as a group? If you just add to a group and set the path to allow *?

barryvdh avatar Mar 09 '21 14:03 barryvdh

What kind of error do you het when using it as a group? If you just add to a group and set the path to allow *?

Just quoting the documentation of latest release:

Group middleware is no longer supported, use the global middleware

ftrudeau-pelcro avatar Mar 09 '21 15:03 ftrudeau-pelcro

Yeah it's not officially supported/tested, but I think it should work. Except error handling mostly.

barryvdh avatar Mar 09 '21 15:03 barryvdh

Fair enough, please update documentation on how to implement the way it used to work using group middleware (or send it here), and @kirkbushell and I can test on our respective projects. But from my previous tests, if I remember correctly, the package was simply not behaving correctly when applied to group middleware. In other words: not working at all, without exceptions / errors.

ftrudeau-pelcro avatar Mar 09 '21 15:03 ftrudeau-pelcro

I think it was a matter of adding the middleware to the group instead of the base middleware, but will check. I had a test, but will see if I can skip some tests so we can make the rest work; https://github.com/fruitcake/laravel-cors/pull/395

barryvdh avatar Mar 09 '21 15:03 barryvdh

Any progress here @barryvdh ?

ftrudeau-pelcro avatar Mar 13 '21 13:03 ftrudeau-pelcro

I had the same issue, and according to https://github.com/fruitcake/laravel-cors/pull/514 you can do something like

'paths' => [
    'api.domain' => ['*']
]

in the config/cors.php.

tested and working for me

hbouhadji avatar Mar 30 '22 13:03 hbouhadji

It definitely doesn't work at the group level. @barryvdh would be good to get some clarification on this.

kirkbushell avatar Mar 30 '22 14:03 kirkbushell

yeah you still need to put it in global but why do you need to apply it on a group if you can filter by domain with the "hack" ?

hbouhadji avatar Mar 30 '22 14:03 hbouhadji