How to Enable CORS in Laravel

In this tutorial you will learn about the How to Enable CORS in Laravel and its application with practical example.

In this How to Enable CORS in Laravel tutorial, I will show you how to enable CORS (Cross-Origin Resource Sharing) in Laravel 8 application. In this tutorial you will learn to enable CORS in laravel application. You will also learn to install and configure CORS to get rid of CORS header ‘access-control-allow-origin’ missing problem. When a request is made between two between two different servers or domains because of security concern we usually get No ‘Access-Control-Allow-Origin’ warning. Enabling CORS authenticate the resource sharing between two different domains.

Table Of Contents−

How to Enable CORS in Laravel
Installing CORS Package in Laravel

Registering CORS Middleware

In this step by step tutorial I will demonstrate you how to enable CORS (Cross-Origin Resource Sharing) in Laravel 8. Please follow the instruction given below:

Laravel CORS Example
CORS Middleware Nitty-Gritty
Create API in Laravel

Make Http GET Request with AJAX
Malevolent Laravel CORS Error
Installing CORS Package in Laravel

Registering CORS Middleware

Laravel 8 CORS Example

First of all we need to create a fresh laravel project, download and install Laravel 8 using the below command

composer create-project laravel/laravel laravel-cors-tutorial --prefer-dist

1	composer create-project laravel/laravel laravel-cors-tutorial --prefer-dist

switch into the project directory using following command:

cd laravel-cors-tutorial

1	cd laravel-cors-tutorial

Run the command to start the laravel app.

php artisan serve

1	php artisan serve

CORS Middleware Nitty-Gritty

After installing laravel application there would be a config/cors.php file generated. Below is list of cors related configurations available in file.

CORS configuration paths

Allowed methods
Allowed origins patterns
Allowed headers

Exposed headers
Max age
Supports credentials

config/cors.php

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Cross-Origin Resource Sharing (CORS) Configuration
    |--------------------------------------------------------------------------
    |
    | Here you may configure your settings for cross-origin resource sharing
    | or "CORS". This determines what cross-origin operations may execute
    | in web browsers. You are free to adjust these settings as needed.
    |
    | To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
    |
    */
    'paths' => ['api/*'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['*'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => false,
];

<?php

return [

|--------------------------------------------------------------------------

| Cross-Origin Resource Sharing (CORS) Configuration

|--------------------------------------------------------------------------

| Here you may configure your settings for cross-origin resource sharing

| or "CORS". This determines what cross-origin operations may execute

| in web browsers. You are free to adjust these settings as needed.

| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

'paths' => ['api/*'],

'allowed_methods' => ['*'],

'allowed_origins' => ['*'],

'allowed_origins_patterns' => [],

'allowed_headers' => ['*'],

'exposed_headers' => [],

'max_age' => 0,

'supports_credentials' => false,

];

Create API in Laravel

Go to routes/api.php and put the following code to enable CORS in API.

<?php

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/

Route::get('/demo-url',  function  (Request $request)  {
   return response()->json(['Laravel 8 CORS Demo']);
});

<?php

use Illuminate\Http\Request;

use Illuminate\Support\Facades\Route;

|--------------------------------------------------------------------------

| API Routes

|--------------------------------------------------------------------------

| Here is where you can register API routes for your application. These

| routes are loaded by the RouteServiceProvider within a group which

| is assigned the "api" middleware group. Enjoy building your API!

Route::get('/demo-url', function (Request $request) {

return response()->json(['Laravel 8 CORS Demo']);

});

Make Http GET Request with AJAX

In this step we will create a demo.html file and make Http GET request using AJAX to laravel api.

<!doctype html>
<html lang="en">

<head>
    <!-- Required meta tags -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

    <!-- Bootstrap CSS -->
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css"
        integrity="sha384-JcKb8q3iqJ61gNV9KGb8thSsNjpSL0n8PARn9HuZOnIxN0hoP+VmmDGMN5t9UJ0Z" crossorigin="anonymous">

    <title>Laravel 8 CORS Middleware Demo</title>
</head>

<body>

    <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js"></script>
    <script>
        $.ajax({
            type: "GET",
            dataType: "json",
            url: 'http://localhost:8000/demo-url',
            success: function (data) {
                console.log(data);
            }
        });
    </script>
    
</body>

</html>

<!doctype html>

<head>

integrity="sha384-JcKb8q3iqJ61gNV9KGb8thSsNjpSL0n8PARn9HuZOnIxN0hoP+VmmDGMN5t9UJ0Z" crossorigin="anonymous">

<title>Laravel 8 CORS Middleware Demo</title>

</head>

<body>

$.ajax({

type: "GET",

dataType: "json",

url: 'http://localhost:8000/demo-url',

success: function (data) {

console.log(data);

}

});

</script>

</body>

</html>

Making ajax request we will get CORS related error (No ‘Access-Control-Allow-Origin’ header is present on the requested resource.) because we have two different domain trying to exchange data.

Access to XMLHttpRequest at 'http://localhost:8000/demo-url' from origin 'null' 
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is 
present on the requested resource.

Access to XMLHttpRequest at 'http://localhost:8000/demo-url' from origin 'null'

has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is

present on the requested resource.

Installing CORS Package in Laravel

In this step, we will install fruitcake/laravel-cors Package via the composer dependency manager. Use the following command to install fruitcake/laravel-cors Package.

composer require fruitcake/laravel-cors

1	composer require fruitcake/laravel-cors

Registering CORS Middleware

Now we have to include \Fruitcake\Cors\HandleCors class at the top inside $middleware array to enable CORS for all our routes in app/Http/Kernel.php file.

protected $middleware = [
  \Fruitcake\Cors\HandleCors::class,
    // ...
    // ...
];

protected $middleware = [

\Fruitcake\Cors\HandleCors::class,

// ...

];

This way we have enabled CORS in our laravel application.

AngularJS

CodeIgniter

Laravel

Node Js

Wordpress

More Blog

Learn

ABOUT PAGES

How to Enable CORS in Laravel

How to Enable CORS in Laravel

Laravel 8 CORS Example

Laravel 9 Livewire Pagination with Search

Laravel 9 Livewire Pagination Example

Laravel 9 Check User Login, Online Status & Last Seen

codeigniter 4 image upload example tutorial

Laravel 9 Livewire Charts Example

Laravel 9 Livewire Crud Example

Laravel 9 Livewire Multiple Image Upload

Laravel 9 Livewire Image Upload

Laravel 9 Livewire Submit Form

Laravel 9 Simple CRUD Application Example