Homestead: Feature request: CORS

It would be very handy is CORS could be enabled/disabled in Homestead.yaml or any other defined way, rather than directly modifying generated apache/nginx config files. Partially the request was in ticket #614 which was closed unresolved.

Bluntly: It's not been a need for me so it hasn't made it high enough on my priorities for me to make it happen.

I stand happy and ready to review any PRs which may add this functionality.

Would be glad to help. Unfortunately I didn't manage to properly enable it even in configs directly :). So had to workaround CORS itself. Here someone is needed who know both Homestead and nginx specifics well.

@svpernova09 Wouldn't it make sense to keep this issue open, so anyone could see a PR is welcome?

Wouldn't it make sense to keep this issue open, so anyone could see a PR is welcome?

I'd rather keep issue counts down instead of open for long periods of time and rotting. I think it's pretty obvious from the 210 contributors this project has that pull requests are welcome and actively triaged :D

Wouldn't it make sense to keep this issue open, so anyone could see a PR is welcome?

I'd rather keep issue counts down instead of open for long periods of time and rotting. I think it's pretty obvious from the 210 contributors this project has that pull requests are welcome and actively triaged :D

You're right. Do you then have anything like roadmap or feature request list? To keep the demands known for the contributors :)

@ipa1981 just facing the same issue, have you managed to find any quick workaround after all?

Not really. Config's didn't work, at least I didn't manage to set them up correctly in Homestead.

I rearranged domains to be the same and it worked somehow.

xxx.local
a.xxx.local
b.xxx.local

Not very convenient if you have multiple projects with shared microservices, but didn't solve it any other way yet.

@ipa1981 @adriandmitroca

The correct way is to use/write a CORS middleware, and then apply it to your routes.

But if you want to solve it quickly, add this to \public\index.php:

header('Access-Control-Allow-Origin: *');  
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');

This will allow access to all of your endpoints from any domain. If you are working on a public API, then this is what you want.

For deep dive and specific use-cases, CORS package for Laravel is here.

@TommyZG

Thanks, but the request is about static content. Let's say statically generated .json file. Laravel or any other dynamic content is not an issue.

@ipa1981

Oh, sorry about that. I guess you have tried with nginx directives like these: https://enable-cors.org/server_nginx.html. What didn't work? Would you like to restrict access to some domains?

Yes, that was tried. CORS worked partially, as it breaks some other things - like POST (non-CORS) request's stopped working on Homestead for some reason. So there is probably some configuration conflict I was unable to find out and resolve, or maybe I did something incorrectly.

And no, there is no need to restrict any other domains, since it's just a dev environment.

@ipa1981 Although you probably tried this, but could you try putting these lines to your /etc/nginx/sites-enabled/domain.tld configuration file, but in server { } block, not in location { } block:

add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With' always;

@TommyZG Thanks, I'd try, but I made a complete workaround with domains, so now I cannot simply replicate the environment to test if your proposal works.

However, I added your proposed config to server{...} rather than location{...} like you suggested and it didn't break my configuration at least :). I see CORS headers and POST works. But again, it is a different setup now, so I cannot check if this 100% working solution.

Anyway, thanks for the assistance, if I had to play with CORS in the future, I'll definitely check this.

No problem, maybe someone else runs into the same problem.