Reputation: 36709
I have a stateless API built with Laravel. I use the following filter to prevent the Set-Cookie header from being sent back to the requester on all requests:
Route::filter('auth.firewall', function(){
Config::set('session.driver', 'array');
});
My API is called from a different sub-domain than the one it's hosted at and an OPTIONS request is sent from the client before any RESTful request. On the response to these OPTIONS requests, Laravel is still sending a Set-Cookie header.
How would I disable the Set-Cookie header for OPTIONS requests? I want to disable Set-Cookie for only the API and not the whole Laravel application since I have a site running off of the same Laravel app and using Larave's sessions capabilities.
This is what my header settings currently look like:
App::before(function(){
// Allow CORS requests
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With, userToken, user_token');
header('Access-Control-Allow-Credentials: true');
});
Upvotes: 0
Views: 950
Reputation: 36709
I added a $request->getMethod()
to the callback function registered with App:before
. If the request was an OPTIONS request, I set the session driver to array.
App::before(function($request){
// Allow CORS requests
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With, userToken, user_token');
header('Access-Control-Allow-Credentials: true');
if($request->getMethod() == 'OPTIONS'){
Config::set('session.driver', 'array');
}
});
Upvotes: 0