Lloyd Banks

Reputation: 36709

Laravel 4.2 - Disabling Set-Cookie Header for OPTIONS responses

I have a stateless API built with Laravel. I use the following filter to prevent the Set-Cookie header from being sent back to the requester on all requests:

Route::filter('auth.firewall', function(){
    Config::set('session.driver', 'array');
});

My API is called from a different sub-domain than the one it's hosted at and an OPTIONS request is sent from the client before any RESTful request. On the response to these OPTIONS requests, Laravel is still sending a Set-Cookie header.

How would I disable the Set-Cookie header for OPTIONS requests? I want to disable Set-Cookie for only the API and not the whole Laravel application, since I have a site running off of the same Laravel app and using Laravel's session capabilities.

This is what my header settings currently look like:

App::before(function(){
    // Allow CORS requests
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
    header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With, userToken, user_token');
    header('Access-Control-Allow-Credentials: true');
});

Upvotes: 0

Views: 950

Answers (1)

Lloyd Banks

Reputation: 36709

I added a $request->getMethod() check to the callback function registered with App::before. If the request was an OPTIONS request, I set the session driver to array.

App::before(function($request){
    // Allow CORS requests
    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
    header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With, userToken, user_token');
    header('Access-Control-Allow-Credentials: true');
    if($request->getMethod() == 'OPTIONS'){
        Config::set('session.driver', 'array');
    }
});

Upvotes: 0
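
An added example, not part of the answer above or of the asker's code base: the same session switch scoped to the API routes only, with the CORS origin echoed from an allowlist, because browsers reject `Access-Control-Allow-Origin: *` on credentialed requests when `Access-Control-Allow-Credentials: true` is also sent. The `api/` route prefix, the `https://app.example.com` origin and the function name `apiCorsPolicy` are assumptions.

```php
<?php
// Added example; the prefix, origin and function name are assumptions.

/** Returns ['headers' => array, 'stateless' => bool] for one request. */
function apiCorsPolicy($method, $path, $origin, array $allowedOrigins, $apiPrefix = 'api/')
{
    // Scope everything to the API so the site on the same app keeps its sessions.
    $isApi = strpos(ltrim($path, '/'), $apiPrefix) === 0;
    $headers = [];
    if ($isApi && $origin !== null && in_array($origin, $allowedOrigins, true)) {
        // Echo the exact origin; "*" is not accepted together with credentials.
        $headers['Access-Control-Allow-Origin'] = $origin;
        $headers['Access-Control-Allow-Credentials'] = 'true';
        $headers['Vary'] = 'Origin';
        if ($method === 'OPTIONS') {
            // Preflight-only headers, lists copied from the question.
            $headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, DELETE, OPTIONS';
            $headers['Access-Control-Allow-Headers'] =
                'Origin, Content-Type, Accept, Authorization, X-Request-With, userToken, user_token';
        }
    }
    return ['headers' => $headers, 'stateless' => $isApi];
}

$allowed = ['https://app.example.com']; // constructed allowlist entry

if (class_exists('App')) {
    // Laravel 4.2 wiring, used when the file is loaded by the framework.
    App::before(function ($request) use ($allowed) {
        $policy = apiCorsPolicy($request->getMethod(), $request->path(),
            $request->headers->get('Origin'), $allowed);
        foreach ($policy['headers'] as $name => $value) {
            header($name . ': ' . $value);
        }
        if ($policy['stateless']) {
            // Same switch as in the answer, applied to every API request,
            // OPTIONS included, so the API responses carry no session cookie.
            Config::set('session.driver', 'array');
        }
    });
} else {
    // Stand-alone run on constructed requests:
    // allowed preflight, unknown origin, non-API page.
    foreach ([['OPTIONS', 'api/users', 'https://app.example.com'],
              ['OPTIONS', 'api/users', 'https://other.example.net'],
              ['GET', 'account', 'https://app.example.com']] as $r) {
        echo json_encode(apiCorsPolicy($r[0], $r[1], $r[2], $allowed)), "\n";
    }
}
```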
