Angularjs 'Access-Control-Allow-Origin' using Laravel CORS

问题:

I have just installed Laravel CORS by barryvdh, the module works fine to my knowledge but i seem to be still facing the Access-Control-Allow-Origin error

XMLHttpRequest cannot load http://acns.example.com:8000/status/d6uIlvwwi8PrvQe4kQfufyZ0LlqQqJyGeyJjdC…I4OTYzMTJlYzYyMmMxOTVkNWI5YjNjYzM1MTczNyIsInMiOiI2ZDcwZDg5N2FkOTQxZDFkIn0=. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com:8000' is therefore not allowed access.

below is my angular code to execute the function:

var SomeApp = angular.module('SomeApp',['ngResource','ngSanitize']) SomeApp.factory('SomeAppService', ['$resource', function($resource){      return {                  firstActions : $resource(svrid('acns') + '/action/:payload',{payload:'@payload'},                 {                     'remove': {method:'DELETE',isArray:true, cache:false},                     'save' : {method:'POST', isArray:true, cache:false},                     'query' : {method:'GET', isArray:true,cache:false},                 }, {cache:false}                 ),          //some more other functions     };   }]); 

While further diving into the code, i realize that the supposingly appended headers are not being included in the xhr request (refer image below)

What am I missing here?

Update 1: I slightly narrow down the problem most probably related to barryvdh's laravel-cors that uses asm89's stack-cors where by the config\cors.php is not properly passed to asm89. Not very confident with the problem but i did some manual override which causes OPTIONS to work when i manually pass the array in config\cors.php to asm89 but then on the other hand causes other methods to fail.

Update 2: i tried manually alter a section under Asm89\Stack\CorsService give it a default value like such:

private function normalizeOptions(array $options = array())     {             $options += array(             'allowedOrigins' => array('*'),             'supportsCredentials' => true,             'allowedHeaders' => array('*'),             'exposedHeaders' => array('*'),             'allowedMethods' => array('*'),             'maxAge' => 0,         );         // Some other codes         // normalize array('*') to true          return $options;     } 

and comment out one small section

public function handlePreflightRequest(Request $request) {     /*if (true !== $check = $this->checkPreflightRequestConditions($request)) {     return $check;     }*/      return $this->buildPreflightCheckResponse($request); } 

It works perfectly for preflight OPTIONS and GET method but POST and DELETE method will prompt me with an error

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com:8000' is therefore not allowed access. The response had HTTP status code 500.

After the preflight OPTIONS request

回答1:

You need to add the CORS response headers in the server side.

回答2:

I was having a similar issue, where all cross-domain AJAX requests would work, expect for POST requests. The POST responses would be missing the 'Access-Control-Allow-Origin' header, but GET and DELETE requests functioned as expected.

It turned out that I had disabled suppression of deprecated warning in php.ini, and by using

$data = Input::json()->all(); 

in my controller, PHP was throwing a

 PHP Deprecated:  Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0 

warning, followed by a

PHP Warning:  Cannot modify header information - headers already sent 

warning.

This meant that my custom headers were never sent. I fixed the problem by simply suppressing the deprecated warnings in php.ini.

The deprecated problem I will have to deal with in the future, but for now it's a functioning workaround to getting POST data from JSON requests in laravel.

文章来源: Angularjs 'Access-Control-Allow-Origin' using Laravel CORS