laravel-cors icon indicating copy to clipboard operation
laravel-cors copied to clipboard

Published 20 hours ago verified publisher icon fruitcake

CORS fails when sending URL query string in GET request

Open diegocam opened this issue 3 years ago • 4 comments

Im working locally. Trying to make a simple ajax GET request from frontend app to my Laravel API, but the request fails with a CORS error: Origin is not allowed by Access-Control-Allow-Origin

I am sending the request fromhttps://local.myapp.com/ to

https://api-local.myapp.com:8085/customers?supplierId=1

However if I remove the URL query string ?supplierId=1 then no errors occur. Please help me understand what im doing wrong or if theres a bug with this package.

This is what Chrome Dev Tools show me:

GENERAL
Request URL: https://api-local.myapp.com:8085/customers?supplierId=1
Referrer Policy: strict-origin-when-cross-origin

RESPONSE HEADERS
HTTP/1.1 500 Internal Server Error
Server: nginx/1.10.3
Date: Thu, 03 Jun 2021 06:03:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.15

REQUEST HEADERS
GET /customers?supplierId=1 HTTP/1.1
Host: api-local.myapp.com:8085
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
Accept: */*
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Origin: https://local.myapp.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://local.myapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
  • I made sure to clear all caches (routes, config, app)
  • I made sure cors.php wasnt messed with 
     'paths' => ['*', 'sanctum/csrf-cookie'],

 'allowed_methods' => ['*'],

 'allowed_origins' => ['*'],

 'allowed_origins_patterns' => [],

 'allowed_headers' => ['*'],

 'exposed_headers' => [],

 'max_age' => 0,

 'supports_credentials' => false,
  • I made sure that the middleware is set correctly in the global middleware in app/Http/Kernel.php 
    protected $middleware = [
     ...,
     \Fruitcake\Cors\HandleCors::class,
     ...,
]
  • I made sure that Nginx is not setting any cors rules.
  • Im using the latest version set in composer as "fruitcake/laravel-cors": "^2.0", but updated to 2.0.4.

diegocam avatar Jun 03 '21 06:06 diegocam

same problem I am facing.

susantp avatar Sep 04 '21 18:09 susantp

I am facing the same problem

arnavzek avatar Mar 13 '22 05:03 arnavzek

I solved this problem by switching from Query parameters to Route parameters

https://laravel.com/docs/9.x/routing#route-parameters

arnavzek avatar Mar 13 '22 06:03 arnavzek

Any other solution too keep query params ?

arminkardovic avatar Dec 18 '22 13:12 arminkardovic