Laravel 5.2 CORS, GET not working with preflight OPTIONS

Clearly not the ideal solution but it WORKS. I’ve added this to the top of my routes.php file: header(‘Access-Control-Allow-Origin: *’); header( ‘Access-Control-Allow-Headers: Authorization, Content-Type’ ); It would be nice to get this working without a hack… alas. UPDATE: It turned out to be IIS related. I ended up setting the headers in the web.config file … Read more

Enable CORS in Spring 5 Webflux?

I had success with this custom filter: import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpResponse; import org.springframework.web.cors.reactive.CorsUtils; import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.WebFilter; import org.springframework.web.server.WebFilterChain; import reactor.core.publisher.Mono; @Configuration public class CorsConfiguration { private static final String ALLOWED_HEADERS = “x-requested-with, authorization, Content-Type, Authorization, credential, X-XSRF-TOKEN”; private static final String ALLOWED_METHODS = “GET, … Read more

Cross-Origin Resource Sharing with Spring Security

I was able to do this by extending UsernamePasswordAuthenticationFilter… my code is in Groovy, hope that’s OK: public class CorsAwareAuthenticationFilter extends UsernamePasswordAuthenticationFilter { static final String ORIGIN = ‘Origin’ @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response){ if (request.getHeader(ORIGIN)) { String origin = request.getHeader(ORIGIN) response.addHeader(‘Access-Control-Allow-Origin’, origin) response.addHeader(‘Access-Control-Allow-Methods’, ‘GET, POST, PUT, DELETE’) response.addHeader(‘Access-Control-Allow-Credentials’, ‘true’) response.addHeader(‘Access-Control-Allow-Headers’, request.getHeader(‘Access-Control-Request-Headers’)) } … Read more

Cross Origin Resource Sharing with Credentials

Two thoughts: 1) are you also including the “Access-Control-Allow-Credentials: true” header? This is needed for passing cookie credentials (and the corresponding XHR client must set .withCredentials = true) 2) Have you tried the suggestion from your link and only include the origin for the current request. For example, if a request comes in with the … Read more

How do I use Access-Control-Allow-Origin? Does it just go in between the html head tags?

There are 3 ways to allow cross domain origin (excluding jsonp): Set the header in the page directly using a templating language like PHP. Keep in mind there can be no HTML before your header or it will fail. Modify the server configuration file (apache.conf) and add this line. Note that “*” represents allow all. … Read more

Enable CORS in Golang

I use gorilla/mux package to build Go RESTful API server, and client use JavaScript Request can work, My Go Server runs at localhost:9091, and the Server code: router := mux.NewRouter() //api route is /people, //Methods(“GET”, “OPTIONS”) means it support GET, OPTIONS router.HandleFunc(“/people”, GetPeopleAPI).Methods(“GET”, “OPTIONS”) log.Fatal(http.ListenAndServe(“:9091”, router)) I find giving OPTIONS here is important, otherwise error … Read more