Laracast Restler V. 3.0.0rc5 DELETE Method 403 Forbidden Exception

Question

I'm using Restler V. 3.0.0rc5 to build a PHP Rest API. GET & POST requests are working fine, but for some reason, any attempt to do a DELETE returns a 403 Forbidden error.

Thanks in advance

Answer 1

The issue is most likely that you don't have the correct Access Control headers on your server. Here's some that likely will resolve your issue:

You can put these inside of things like:

• Middleware
• Service Provicers
• Controller __construct() methods.

The most common would be something like a CORS Middleware:

php artisan make:middleware Cors

Then add it to your routeMiddleware in your App\Http\Kernel.php

'cors' => \App\Http\Middleware\Cors::class,

Then apply this middleware to routes you wish to expose to the API:

Route::group(['prefix' => 'api', 'middleware' => ['cors']], function(){
    //your API routes
});

Then finally, we'll use the following code inside of our handle function in our App\Http\Middleware\Cors to configure our headers:

public function handle($request, Closure $next)
{
    if (in_array($request->method, ['post', 'put', 'delete', 'get', 'options'])) {
        return $next($request) 
            ->header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE')
            ->header('Access-Control-Allow-Headers', 'accept, content-type, 
            x-xsrf-token, x-csrf-token'); // Add any required headers here
    }
    return $next($request);
}

Tweak the header response as you see fit.