Api: CORS made impossible to access API via browser

Created on 28 Aug 2018  路  5Comments  路  Source: dingo/api

| Q | A
| ----------------- | ---
| Bug? |yes
| New Feature? | no|yes
| Framework | Laravel|Lumen
| Framework version | 5.x.y
| Package version | 1.x.y
| PHP version | 5.x.y|7.x.y

Actual Behaviour

After I've added CORS middleware to make it work on two hosts only it stopped responding on routes in browser.

When I go to any route it says

{"message":"Undefined index: HTTP_ORIGIN","status_code":500}

My CORS middleware

$allowedOrigins = ['http://localhost:4200', 'http://api.example.com'];
        $origin = $_SERVER['HTTP_ORIGIN'];

        if (in_array($origin, $allowedOrigins)) {
            return $next($request)
                ->header('Access-Control-Allow-Origin', $origin)
                ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE')
                ->header('Access-Control-Allow-Headers', 'Content-Type');
        }

If I access it via Angular it works fine but I need to make requests in browser just to keep data under my glance.

picture gultyaev

Most helpful comment

have you ever tried the barryvdh/laravel-cors? in me it works perfectly

picture zackijack on 14 Sep 2018
👍3

All 5 comments

Don't you have any error in your logs?

catalinux picture catalinux on 28 Aug 2018

To be more precise

[2018-08-28 20:27:55] local.ERROR: Undefined index: HTTP_ORIGIN {"exception":"[object] (ErrorException(code: 0): Undefined index: HTTP_ORIGIN at /Users/sergeygultyayev/Projects/laravel-api/app/Http/Middleware/Cors.php:19)
[stacktrace]
#0 /Users/sergeygultyayev/Projects/laravel-api/app/Http/Middleware/Cors.php(19): Illuminate\\Foundation\\Bootstrap\\HandleExceptions->handleError(8, 'Undefined index...', '/Users/sergeygu...', 19, Array)
#1 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): App\\Http\\Middleware\\Cors->handle(Object(Dingo\\Api\\Http\\Request), Object(Closure))
#2 /Users/sergeygultyayev/Projects/laravel-api/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Dingo\\Api\\Http\\Request))
#3 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Fideloper\\Proxy\\TrustProxies->handle(Object(Dingo\\Api\\Http\\Request), Object(Closure))
#4 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Dingo\\Api\\Http\\Request))
#5 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Dingo\\Api\\Http\\Request), Object(Closure))
#6 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Dingo\\Api\\Http\\Request))
#7 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Dingo\\Api\\Http\\Request), Object(Closure))
#8 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Dingo\\Api\\Http\\Request))
#9 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Dingo\\Api\\Http\\Request), Object(Closure))
#10 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(62): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Dingo\\Api\\Http\\Request))
#11 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle(Object(Dingo\\Api\\Http\\Request), Object(Closure))
#12 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Dingo\\Api\\Http\\Request))
#13 /Users/sergeygultyayev/Projects/laravel-api/vendor/dingo/api/src/Http/Middleware/Request.php(127): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#14 /Users/sergeygultyayev/Projects/laravel-api/vendor/dingo/api/src/Http/Middleware/Request.php(103): Dingo\\Api\\Http\\Middleware\\Request->sendRequestThroughRouter(Object(Dingo\\Api\\Http\\Request))
#15 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(151): Dingo\\Api\\Http\\Middleware\\Request->handle(Object(Dingo\\Api\\Http\\Request), Object(Closure))
#16 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
#17 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104): Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
#18 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#19 /Users/sergeygultyayev/Projects/laravel-api/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
#20 /Users/sergeygultyayev/Projects/laravel-api/public/index.php(55): Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
#21 {main}
"}

As for me it's a bit strange since while I'm accessing it as API via my Angular app it works fine, but when I want to open that URL in the browser it breaks(worked before CORS). Also as far as I know declared in kernel $middleware invokes each time request comes.

gultyaev picture gultyaev on 28 Aug 2018

Angular sends automatically the origin header. When you use a simple browser, it's not set so your code raises the undefined index. Write a better code (i.e. that checks for HTTP_ORIGIN before using it) and you'll solve the issue.

filippotoso picture filippotoso on 4 Sep 2018
👎2

have you ever tried the barryvdh/laravel-cors? in me it works perfectly

zackijack picture zackijack on 14 Sep 2018
👍3

As above. This is not really a concern of this package - it is just a building block of the API project, not the whole thing.

It's also not necessary in every case (for example, B2B APIs).

If you are looking for a ready to go boilerplate, have a look at my project here - https://github.com/specialtactics/l5-api-boilerplate

specialtactics picture specialtactics on 26 Sep 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jdforsythe picture jdforsythe  路  3Comments
Sogl picture Sogl  路  4Comments
MicroDroid picture MicroDroid  路  3Comments
keripix picture keripix  路  3Comments
jhayiwg picture jhayiwg  路  3Comments