Api: CORS display error Request Method:OPTIONS Status Code:405 Method Not Allowed

Created on 17 Sep 2015  路  3Comments  路  Source: dingo/api

1 I have a angularjs app in http://web.app send a request to login in

Remote Address:127.0.0.1:8888
Request URL:http://homestead.app/api/auth/login
Request Method:OPTIONS
Status Code:405 Method Not Allowed

2 in my lumen routes.php

$api = app('Dingo\Api\Routing\Router');

$api->version('v1', function ($api) {
$api->post('auth/login', [
'as' => 'auth.login', 'uses' => 'App\Http\Controllers\AuthController@postLogin'
]);
});

3 and I add a middleware to handle cors

class CorsMiddleware {

public function handle($request, \Closure $next)
{
$response = $next($request);

$response->header('Access-Control-Allow-Methods', 'HEAD, GET, POST, PUT, PATCH, DELETE');
$response->header('Access-Control-Allow-Headers', $request->header('Access-Control-Request-Headers'));
$response->header('Access-Control-Allow-Origin', '*');

return $response;

}

}

load in app.php

$app->middleware([
// // Illuminate\Cookie\Middleware\EncryptCookies::class,
// // Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
// // Illuminate\Session\Middleware\StartSession::class,
// // Illuminate\View\Middleware\ShareErrorsFromSession::class,
// // Laravel\Lumen\Http\Middleware\VerifyCsrfToken::class,
App\Http\Middleware\CorsMiddleware::class
]);

$app->register(Dingo\Api\Provider\LumenServiceProvider::class);
$app->register(Tymon\JWTAuth\Providers\JWTAuthServiceProvider::class);
app('Dingo\Api\Auth\Auth')->extend('jwt', function ($app) {
return new Dingo\Api\Auth\Provider\JWT($app['Tymon\JWTAuth\JWTAuth']);
});

class_alias('Tymon\JWTAuth\Facades\JWTAuth', 'JWTAuth');
/** This gives you finer control over the payloads you create if you require it.

how i can fixed it. thanks!

picture yanguanglan

Most helpful comment

Yeah Lumen doesn't automatically handle OPTIONS requests. It does actually return the allowed methods in the allow header but it's a 405 Method Not Allowed, which is handled incorrectly.

You can throw together your own simple middleware to handle this.

use Closure;
use Illuminate\Http\Response;

class Preflight
{
    public function handle($request, Closure $next)
    {
        $response = $next($request);

        if ($request->getMethod() == 'OPTIONS' && $response->getStatusCode() == 405) {
            return new Response('', 204, $response->headers->all());
        }

        return $response;
    }
}
picture jasonlewis on 30 Sep 2015
👍31

All 3 comments

Hi, you can use this laravel package laravel-cors

and add this to your middleware array

\Barryvdh\Cors\HandleCors::class,
\Barryvdh\Cors\HandlePreflight::class,
jarbitlira picture jarbitlira on 21 Sep 2015

I'll see what I find. Lumen might handle options requests differently.

jasonlewis picture jasonlewis on 22 Sep 2015

Yeah Lumen doesn't automatically handle OPTIONS requests. It does actually return the allowed methods in the allow header but it's a 405 Method Not Allowed, which is handled incorrectly.

You can throw together your own simple middleware to handle this.

use Closure;
use Illuminate\Http\Response;

class Preflight
{
    public function handle($request, Closure $next)
    {
        $response = $next($request);

        if ($request->getMethod() == 'OPTIONS' && $response->getStatusCode() == 405) {
            return new Response('', 204, $response->headers->all());
        }

        return $response;
    }
}
jasonlewis picture jasonlewis on 30 Sep 2015
👍31
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dejan7 picture dejan7  路  3Comments
Sogl picture Sogl  路  4Comments
MicroDroid picture MicroDroid  路  3Comments
fengerwoo picture fengerwoo  路  4Comments
yaoshanliang picture yaoshanliang  路  4Comments