Comments (7)
Hi, I have found a solution on this laravel-cros issue, adding the cors middleware globally fix the error. Now I have the CORS header even on error responses. I will send a pull request with the fix and adding some lines as suggested on laravel-cros docs to prevent future issues.
Looks related to "dingo/api", this package handles the errors responses without calling the render()
method on the exception handler class, so we can't call laravel-cors to put the spected header when errors occurs.
from apiato.
@nmrgt I have not tried Cors with this project yet. I advise you to check this repo. Probably you need to enable it in Hello API.
from apiato.
Can you show the request headers of the JSON encoded call ? How are you testing this?
from apiato.
Hi, I have a similar error, when I try to send a post request to login with invalid credentials, there is no Access-Control-Allow-Origin header:
$ curl -H "Origin: http://angular.dev" --verbose http://api.hello.dev/user/login -k -d [email protected] -d password=wrong
* Trying 192.168.10.10...
* Connected to api.hello.dev (192.168.10.10) port 80 (#0)
> POST /user/login HTTP/1.1
> Host: api.hello.dev
> User-Agent: Mozilla/5.0 Gecko
> Accept: */*
> Origin: http://angular.dev
> Content-Length: 35
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 35 out of 35 bytes
< HTTP/1.1 401 Unauthorized
< Server: nginx/1.11.5
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: no-cache
< Date: Fri, 27 Jan 2017 03:28:57 GMT
<
* Connection #0 to host api.hello.dev left intact
{"message":"Credentials Incorrect.","status_code":401}
If credentials are ok, the headers Access-Control-Allow-Origin is given:
$ curl -H "Origin: http://angular.dev" --verbose http://api.hello.dev/user/login -k -d [email protected] -d password=admin
* Trying 192.168.10.10...
* Connected to api.hello.dev (192.168.10.10) port 80 (#0)
> POST /user/login HTTP/1.1
> Host: api.hello.dev
> User-Agent: Mozilla/5.0 Gecko
> Accept: */*
> Origin: http://angular.dev
> Content-Length: 36
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 36 out of 36 bytes
< HTTP/1.1 200 OK
< Server: nginx/1.11.5
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: private, must-revalidate
< X-RateLimit-Limit: 100
< X-RateLimit-Remaining: 98
< X-RateLimit-Reset: 1485488426
< Content-Language: en
< Access-Control-Allow-Origin: http://angular.dev
< Vary: Origin
< ETag: "07567eaa2149a92935097c33e091f88e75aebcb4"
< Date: Fri, 27 Jan 2017 03:35:36 GMT
<
{"data":{...}}
This causes problems on javascript app handling the server errors, because we have no the response from server, we have this on browser console instead:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://api.hello.dev/user/login. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Get and Post (with correctly data) request are ok, have no tested others methods. Sounds like the Access-Control-Allow-Origin
header is no set serving errors, like validation errors in this case.
from apiato.
Hi, I am so frustrated with this bug... I have tried many things, but nothing works, except this:
In the Barryvdh\Cors\Stack\CorsService
, line 92, write this:
return $response."";
And yes, we have the Access-Control-Allow-Origin
again even when the server returns error messages, like validation, authentication, 500 status, etc...
Credentials Incorrect
$ curl -H "Origin: http://angular.dev" --verbose http://api.hello.dev/user/login -k -d [email protected] -d password=
* Trying 192.168.10.10...
* Connected to api.hello.dev (192.168.10.10) port 80 (#0)
> POST /user/login HTTP/1.1
> Host: api.hello.dev
> User-Agent: Mozilla/5.0 Gecko
> Accept: */*
> Origin: http://angular.dev
> Content-Length: 31
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 31 out of 31 bytes
< HTTP/1.1 200 OK
< Server: nginx/1.11.5
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: private, must-revalidate
< ETag: "2492947978b05524942766c9f6c7b934cb91ed86"
< Date: Fri, 27 Jan 2017 05:47:32 GMT
<
HTTP/1.0 401 Unauthorized
Access-Control-Allow-Origin: http://angular.dev
Cache-Control: no-cache
Content-Language: en
Content-Type: application/json
Vary: Origin
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 99
X-Ratelimit-Reset: 1485496352
* Connection #0 to host api.hello.dev left intact
{"message":"Credentials Incorrect.","status_code":401}
No authorization headers
$ curl -H "Origin: http://angular.dev" --verbose http://api.hello.dev/apps
* Trying 192.168.10.10...
* Connected to api.hello.dev (192.168.10.10) port 80 (#0)
> GET /apps HTTP/1.1
> Host: api.hello.dev
> User-Agent: Mozilla/5.0 Gecko
> Accept: */*
> Origin: http://angular.dev
>
< HTTP/1.1 200 OK
< Server: nginx/1.11.5
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: private, must-revalidate
< ETag: "b682ef6deea6fae72d713f5314e56610a0924d13"
< Date: Fri, 27 Jan 2017 05:48:57 GMT
<
HTTP/1.0 401 Unauthorized
Access-Control-Allow-Origin: http://angular.dev
Cache-Control: no-cache
Content-Language: en
Content-Type: application/json
Vary: Origin
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 96
X-Ratelimit-Reset: 1485496180
* Connection #0 to host api.hello.dev left intact
{"message":"Failed to authenticate because of bad credentials or an invalid authorization header.","status_code":401}
Validation
$ curl -H "Origin: http://angular.dev" --verbose http://api.hello.dev/user/login -k -d email=admin -d password=123
* Trying 192.168.10.10...
* Connected to api.hello.dev (192.168.10.10) port 80 (#0)
> POST /user/login HTTP/1.1
> Host: api.hello.dev
> User-Agent: Mozilla/5.0 Gecko
> Accept: */*
> Origin: http://angular.dev
> Content-Length: 24
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 24 out of 24 bytes
< HTTP/1.1 200 OK
< Server: nginx/1.11.5
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: private, must-revalidate
< ETag: "69bf046130b61520871606276d3e616008909f17"
< Date: Fri, 27 Jan 2017 05:50:59 GMT
<
HTTP/1.0 422 Unprocessable Entity
Access-Control-Allow-Origin: http://angular.dev
Cache-Control: no-cache
Content-Language: en
Content-Type: application/json
Vary: Origin
X-Ratelimit-Limit: 100
X-Ratelimit-Remaining: 95
X-Ratelimit-Reset: 1485496352
* Connection #0 to host api.hello.dev left intact
{"message":"Invalid Input.","errors":{"email":["The email must be a valid email address."]},"status_code":422}
This way everything is ok on command line, but when testing this on the javascript app we have not the CORS header on GET or POST any more.
WTH!!
from apiato.
@llstarscreamll thanks mate, glad you've solved it. I will merge your PR now. Have a good weekend :)
from apiato.
I followed your explanation for this issue and I continuo with this error:
Request Method:OPTIONS
Status Code:501 Not Implemented
But when I'm in the intranet works well...
from apiato.
Related Issues (20)
- Composer require problem with requirements
- Installing on cPanel HOT 1
- Search is not working in RequestCriteria HOT 2
- Laravel Passport PKCE HOT 2
- microservice projects HOT 2
- Add Laravel 10 support HOT 6
- Swagger Generator HOT 2
- Your requirements could not be resolved to an installable set of packages
- how to handle relationship HOT 3
- UUID , instead of Hashed Id
- Hash ids error when using "in" operator HOT 2
- Cli generator does not support `criteria` currently
- Why i am getting "Welcome to Apiato" message even after specifying route end point HOT 1
- apiato:apidoc command throw ProcessFailedException Error HOT 9
- API Test Error: "The requested Resource was not found." HOT 5
- Custom Model primaryKey not working! HOT 2
- Installation Error via Composer
- No hint path defined for [mail] HOT 1
- Invalid key supplied HOT 2
- Repository delete() ModelNotFoundException is never thrown
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apiato.