Laravel CORS into framework v 9

Question

Before Laravel 9 when I have error:

Access to XMLHttpRequest at 'http://localhost:8000/demo' from origin 'null' 
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is 
present on the requested resource.

I must install fruitcake/laravel-cors ( https://www.positronx.io/how-to-enable-cors-in-laravel/ ).

In Laravel 9 I found information:

"Integrate Laravel CORS into framework Dries Vints migrated the fruitcake/laravel-cors package into the Laravel framework: The main reason is that we want to remove a circular dependency we rely on additionally to the fact that we eliminate another dependency of the skeleton. All credits for the code go to @barryvdh of @fruitcake . Thanks for maintaining that package for so long!".

How can I make cors for example for url: api/list and api/profiles in new Laravel?

Answer 1

In your app/Http/Kernel.php check that CORS middleware is present:

protected $middleware = [
    ...
    \Illuminate\Http\Middleware\HandleCors::class,
    ...
];

Then open your config/cors.php. It works exactly the same as fruitcake/laravel-cors:

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Cross-Origin Resource Sharing (CORS) Configuration
    |--------------------------------------------------------------------------
    |
    | Here you may configure your settings for cross-origin resource sharing
    | or "CORS". This determines what cross-origin operations may execute
    | in web browsers. You are free to adjust these settings as needed.
    |
    | To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
    |
    */

    'paths' => ['api/*', 'sanctum/csrf-cookie'],

    'allowed_methods' => ['*'],

    'allowed_origins' => ['*'],

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => false,

];