Cors not working in all the apis laravel 5.2

Question

routes.php

header('Access-Control-Allow-Origin: http://localhost:9001/#!/');
header('Access-Control-Allow-Credentials: true');

Route::group(['prefix' => 'api'], function () {

Route::post('users/login', array('middleware' => 'Cors', 'uses' => 'Auth\AuthController@login')); 
});`

Route::group(['prefix'=>'api'], function()
{

Route::group(['middleware'=>'jwt-auth'], function ()
{
    Route::post('postjob/store', array('middleware' => 'Cors', 'uses'=> 'PostController@store'));

 });

});

Cors.php

Cors Middlerware
   public function handle($request, Closure $next)
{

    header("Access-Control-Allow-Origin: *");



    // ALLOW OPTIONS METHOD
    $headers = [
        'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
        'Access-Control-Allow-Headers'=> 'Content-Type, X-Auth-Token, Origin'
    ];
    if($request->getMethod() == "OPTIONS") {
        // The client-side application can set only headers allowed in Access-Control-Allow-Headers
        return Response::make('OK', 200, $headers);
    }

    $response = $next($request);
    foreach($headers as $key => $value)
        $response->header($key, $value);
    return $response;
}

angular code in which my api used

service.postjob = function (token, userId, job_shift, job_type, job_description, degree_title, city, experience, career_level, gender, total_position, minimum_edu, apply_before, callback)
               {
            return $http({
                method: 'POST',
                url: 'http://192.168.10.4/jobpost1/public/api/job',
                params: {
      "token" :token,
      "user_id": userId,
      "job_shift": job_shift,
      "job_type": job_type,
      "job_description":job_description,
      "degree_title": degree_title,
      "city": city,
      "experience": experience,
      "career_level": career_level,
      "gender":gender,
     "total_position": total_position,
    "minimum_edu":minimum_edu,
     "apply_before": apply_before
                }
            }).then(function successCallback(response, status) {
      callback(response, status);
      debugger;
    }
      , function errorCallback(response, status) {
        callback(response, status);
        debugger;
      });
        };

users/login api works perfect but postjob/store api gives the same error when i was not apply cors on it. cors apply but why it show error no ACCESS-CONTROL-ALLOW-ORGIN HEADER IS PRESENT

Answer 1

You can bypass this one without using any middleware like Barryvdh\Cors for Laravel which was not working properly with JWT AUTH , I have added the following statements in the index.php in Laravel just before the Kernel instantiation

header('Access-Control-Allow-Origin: http://localhost:8001');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token,Authorization');
header('Access-Control-Allow-Credentials: true');

add this one before

$kernel = $app->make(Illuminate\Contracts\Http\Kernel::class);

this should work properly with JWT AUTH also. Kindly note that in Access-Control-Allow-Headers you should include Authorization otherwise your accesstoken will not be allowed with Authorization header therefore JWT AUTH will fail. Happy Coding.

Answer 2

Update your $headers array to include Access-Control-Allow-Origin, as follows:

$headers = [
    'Access-Control-Allow-Origin'  => '*',
    'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS',
    'Access-Control-Allow-Headers' => 'Content-Type, X-Auth-Token, Origin',
];

This has worked for me in the past.