Skip to content
This repository has been archived by the owner on Feb 16, 2023. It is now read-only.

CORS fails when sending URL query string in GET request #534

Open
diegocam opened this issue Jun 3, 2021 · 4 comments
Open

CORS fails when sending URL query string in GET request #534

diegocam opened this issue Jun 3, 2021 · 4 comments

Comments

@diegocam
Copy link

diegocam commented Jun 3, 2021
edited

Im working locally. Trying to make a simple ajax GET request from frontend app to my Laravel API, but the request fails with a CORS error: Origin is not allowed by Access-Control-Allow-Origin

I am sending the request fromhttps://local.myapp.com/ to

https://api-local.myapp.com:8085/customers?supplierId=1

However if I remove the URL query string ?supplierId=1 then no errors occur. Please help me understand what im doing wrong or if theres a bug with this package.

This is what Chrome Dev Tools show me:

GENERAL
Request URL: https://api-local.myapp.com:8085/customers?supplierId=1
Referrer Policy: strict-origin-when-cross-origin

RESPONSE HEADERS
HTTP/1.1 500 Internal Server Error
Server: nginx/1.10.3
Date: Thu, 03 Jun 2021 06:03:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.4.15

REQUEST HEADERS
GET /customers?supplierId=1 HTTP/1.1
Host: api-local.myapp.com:8085
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
Accept: */*
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
Origin: https://local.myapp.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://local.myapp.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
  • I made sure to clear all caches (routes, config, app)
  • I made sure cors.php wasnt messed with 
     'paths' => ['*', 'sanctum/csrf-cookie'],

 'allowed_methods' => ['*'],

 'allowed_origins' => ['*'],

 'allowed_origins_patterns' => [],

 'allowed_headers' => ['*'],

 'exposed_headers' => [],

 'max_age' => 0,

 'supports_credentials' => false,
  • I made sure that the middleware is set correctly in the global middleware in app/Http/Kernel.php 
    protected $middleware = [
     ...,
     \Fruitcake\Cors\HandleCors::class,
     ...,
]
  • I made sure that Nginx is not setting any cors rules.
  • Im using the latest version set in composer as "fruitcake/laravel-cors": "^2.0", but updated to 2.0.4.
@susantp
Copy link

susantp commented Sep 4, 2021

same problem I am facing.

@arnavzek
Copy link

I am facing the same problem

@arnavzek
Copy link

I solved this problem by switching from Query parameters to Route parameters

https://laravel.com/docs/9.x/routing#route-parameters

@arminkardovic
Copy link

Any other solution too keep query params ?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@susantp @diegocam @arminkardovic @arnavzek