CORS: No 'Access-Control-Allow-Origin' header is present even though response is 200?

Question

I am trying to make a cross domain request from my React app (localhost:3000) to my Laravel PHP app (localhost:8000). I believe I have the back end set up to accept cross domain requests. I used this: https://github.com/barryvdh/laravel-cors

I seem to have all the parameters from this answer (https://stackoverflow.com/a/38087435/1555312), so I don't get why mine doesn't work. I actually see a 200 response + the expected body when I use the chrome console.

Here is the error I see in my console:

Failed to load http://localhost:8000/api/v1/upload-sessions: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.

Here is how my POST request looks like:

OPTIONS request:

POST request:

Expected response is sent, even though it complains about the CORS issue:

Answer 1

You need to set Access-Control-Allow-... on the response, not the request.

Once you remove that from the request, you probably won't need a pre-flight, so the OPTIONS request won't happen.