Skip to content
This repository has been archived by the owner on Feb 16, 2023. It is now read-only.

Lumen CORS Preflight (Options) Method is Not Allowed #535

Open
fahmiegerton opened this issue Jun 6, 2021 · 1 comment
Open

Lumen CORS Preflight (Options) Method is Not Allowed #535

fahmiegerton opened this issue Jun 6, 2021 · 1 comment

Comments

@fahmiegerton
Copy link

fahmiegerton commented Jun 6, 2021
edited

Before you start

[ x ] Update to the latest version by running composer update fruitcake/laravel-cors

[ x ] Make sure that Apache/nginx/Valet are NOT also adding CORS headers

Check your config

[ x ] Double-check your config file with the version from the repo. Make sure the paths property is correctly set. Start by allowing as much as possible.
[ x ] Make sure the middleware is added to the global middleware in your Http Kernel (not group)

Clear your caches

Please do these steps again before submitting an issue:
[ x ] Clear your config cache php artisan config:clear, route cache (php artisan route:clear) and normal cache (php artisan cache:clear).
[ x ] Make sure your permissions are setup correctly (eg. storage is writable)

Make the request

Open Chrome Devtools to see which requests are actually happening. Make sure you see the actual OPTIONS requests for POST/PUT/DELETE (see https://stackoverflow.com/questions/57410051/chrome-not-showing-options-requests-in-network-tab)

Please show the actual request + response headers as sent by the OPTIONS request and the POST request (when available)

> curl -X OPTIONS -I http://api.weblumenlokal.local

HTTP/1.0 405 Method Not Allowed
Date: Sun, 06 Jun 2021 08:04:02 GMT
Server: Apache/2.4.41 (Win64) PHP/7.4.0
X-Powered-By: PHP/7.4.0
Allow: GET
Cache-Control: no-cache, private
Connection: close
Content-Type: text/html; charset=UTF-8

config/cors.php

<?php

return [

	/*
    |--------------------------------------------------------------------------
    | Laravel CORS Options
    |--------------------------------------------------------------------------
    |
    | The allowed_methods and allowed_headers options are case-insensitive.
    |
    | You don't need to provide both allowed_origins and allowed_origins_patterns.
    | If one of the strings passed matches, it is considered a valid origin.
    |
    | If ['*'] is provided to allowed_methods, allowed_origins or allowed_headers
    | all methods / origins / headers are allowed.
    |
    */

	/*
     * You can enable CORS for 1 or multiple paths.
     * Example: ['api/*']
     */
	'paths' => ['*'],

	/*
    * Matches the request method. `['*']` allows all methods.
    */
	'allowed_methods' => ['*'],

	/*
     * Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com`
     */
	'allowed_origins' => ['*'],

	/*
     * Patterns that can be used with `preg_match` to match the origin.
     */
	'allowed_origins_patterns' => [],

	/*
     * Sets the Access-Control-Allow-Headers response header. `['*']` allows all headers.
     */
	'allowed_headers' => ['*'],

	/*
     * Sets the Access-Control-Expose-Headers response header with these headers.
     */
	'exposed_headers' => [],

	/*
     * Sets the Access-Control-Max-Age response header when > 0.
     */
	'max_age' => 1000,

	/*
     * Sets the Access-Control-Allow-Credentials header.
     */
	'supports_credentials' => false,
];

bootstrap/app.php

<?php

require_once __DIR__ . '/../vendor/autoload.php';

(new Laravel\Lumen\Bootstrap\LoadEnvironmentVariables(
	dirname(__DIR__)
))->bootstrap();

date_default_timezone_set(env('APP_TIMEZONE', 'UTC'));

/*
|--------------------------------------------------------------------------
| Create The Application
|--------------------------------------------------------------------------
|
| Here we will load the environment and create the application instance
| that serves as the central piece of this framework. We'll use this
| application as an "IoC" container and router for this framework.
|
*/

$app = new Laravel\Lumen\Application(
	dirname(__DIR__)
);

$app->withFacades();

$app->withEloquent();

/*
|--------------------------------------------------------------------------
| Register Container Bindings
|--------------------------------------------------------------------------
|
| Now we will register a few bindings in the service container. We will
| register the exception handler and the console kernel. You may add
| your own bindings here if you like or you can make another file.
|
*/

$app->singleton(
	Illuminate\Contracts\Debug\ExceptionHandler::class,
	App\Exceptions\Handler::class
);

$app->singleton(
	Illuminate\Contracts\Console\Kernel::class,
	App\Console\Kernel::class
);

/*
|--------------------------------------------------------------------------
| Register Config Files
|--------------------------------------------------------------------------
|
| Now we will register the "app" configuration file. If the file exists in
| your configuration directory it will be loaded; otherwise, we'll load
| the default version. You may register other files below as needed.
|
*/

$app->configure('app');
$app->configure('permission');
$app->configure('cors');
$app->configure('auth');

$app->alias('cache', \Illuminate\Cache\CacheManager::class);

/*
|--------------------------------------------------------------------------
| Register Middleware
|--------------------------------------------------------------------------
|
| Next, we will register the middleware with the application. These can
| be global middleware that run before and after each request into a
| route or middleware that'll be assigned to some specific routes.
|
*/

$app->middleware([
	Fruitcake\Cors\HandleCors::class
	//  App\Http\Middleware\ExampleMiddleware::class,
]);

$app->routeMiddleware([
	'auth' => App\Http\Middleware\Authenticate::class,
	'permission' => \Spatie\Permission\Middlewares\PermissionMiddleware::class,
	'role'       => \Spatie\Permission\Middlewares\RoleMiddleware::class,
	'role_or_permission' => \Spatie\Permission\Middlewares\RoleOrPermissionMiddleware::class,
]);

/*
|--------------------------------------------------------------------------
| Register Service Providers
|--------------------------------------------------------------------------
|
| Here we will register all of the application's service providers which
| are used to bind services into the container. Service providers are
| totally optional, so you are not required to uncomment this line.
|
*/

// $app->register(App\Providers\AppServiceProvider::class);
$app->register(App\Providers\AuthServiceProvider::class);
$app->register(Tymon\JWTAuth\Providers\LumenServiceProvider::class);
// $app->register(App\Providers\EventServiceProvider::class);
$app->register(Spatie\Permission\PermissionServiceProvider::class);
$app->register(Fruitcake\Cors\CorsServiceProvider::class);

/*
|--------------------------------------------------------------------------
| Load The Application Routes
|--------------------------------------------------------------------------
|
| Next we will include the routes file so that they can all be added to
| the application. This will provide all of the URLs the application
| can respond to, as well as the controllers that may handle them.
|
*/

$app->router->group([
	'namespace' => 'App\Http\Controllers',
], function ($router) {
	require __DIR__ . '/../routes/web.php';
});

return $app;
@sawirricardo
Copy link

any news on this?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fahmiegerton @sawirricardo