Cors error in the Laravel when using middleware jwt.auth

Asked

Viewed 448 times

1

When I try to make an http request inside my jwt.auth middleware I receive:

:9000/#/Dash/typeproducts:1 Access to Xmlhttprequest at 'https://api2.jcontrole.com.br/api/notificacoes/gerais' from origin 'http://localhost:9000' has been blocked by CORS policy: Request header field token is not allowed by Access-Control-Allow-Headers in preflight Sponse.

| Framework | Laravel
| Framework version | 5.6
| Package version | Using "barryvdh/Laravel-Cors": " 0.9.2", and "tymon/jwt-auth": " 0.5.12"
| PHP version | PHP 5.6.36 (cli) (built: Apr 25 2018 16:45:32)

I have these routes without the middleware jwt:

<?php

use Illuminate\Http\Request;

Auth::routes();

//Route::post('login', 'UserController@acessarSistema'); 
Route::post('login', 'UserController@authenticate');

They work normally but when I try to make a request in a group that has jwt.auth middleware I get Cors error:

$this->group(['middleware' => 'jwt.auth', ['prefix' => 'api']], function() {

      Route::post('admin/tipo-produto', 'TipoProdutosController@create')->name('cadastrar_tipo_produto')->middleware('checarPermissaoTela');

})

I tried using Cors package, added it in my middlewareGroups:

protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'api' => [
        'throttle:60,1',
        'bindings',
        **\Barryvdh\Cors\HandleCors::class,**
    ],
];

My config Cors in config/Cors.php:

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Laravel CORS
    |--------------------------------------------------------------------------
    |
    | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
    | to accept any value.
    |
    */

    'supportsCredentials' => false,
    'allowedOrigins' => ['*'],
    'allowedOriginsPatterns' => [],
    'allowedHeaders' => ['*'],
    'allowedMethods' => ['*'],
    'exposedHeaders' => [],
    'maxAge' => 0,

];

I also tried to add in public/index.php:

header('Access-Control-Allow-Origin: *');  
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');
laravel cors jwt

  • I had the same problem but using Angular. Searching the google found this post https://daveceddia.com/access-control-allow-origin-cors-errors-in-angular/ which is very complete and gives several solution options. I solved mine with the first suggestion by changing the server of my API.

1 answer

0

It was resolved on the Apache server by changing the apache.conf file:

Header set Access-Control-Allow-Origin "*"

Browser other questions tagged laravel cors jwt

You are not signed in. Login or sign up in order to post.