I seem to always post questions where no one can answer so here to hoping I get some help...
Ive been building 2 projects at the moment. A website using Laravel and an API using Laravel. All data is stored in the API and the website layer is merely a front-end for presenting the data it retrieves from the API. The website makes calls to the API VIA cURL and I pass the basic auth VIA the headers eg.:
$curlHandler = curl_init();
curl_setopt($curlHandler, CURLOPT_URL, $url);
curl_setopt($curlHandler, CURLOPT_USERPWD, 'username:password');
curl_setopt($curlHandler, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($curlHandler, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
curl_setopt($curlHandler, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curlHandler, CURLOPT_FRESH_CONNECT, TRUE);
$exec = curl_exec($curlHandler);
$response = json_decode($exec);
$info = (object) curl_getinfo($curlHandler);
curl_close($curlHandler);
The API outputs responses like so:
return Response::json(MyModel::find(1), 200);
Everything works 100% and ive actually even managed to get PUT, PATCH and DELETE requests to work aswell.
My problem comes in when I start to make calls against the API using jQuery as CORS kicks in. I was helped by someone who told me to use the below code to handle the basic auth headers through my AJAX request:
$.ajax({
url: 'http://api',
type: 'GET',
dataType: 'json',
beforeSend: function (xhr) {
xhr.setRequestHeader(
'Authorization',
'Basic ' + btoa('username:password'));
}
}).complete(function () {
}).fail(function () {
});
I then read I need to add allowed access to my JSON response like so:
return Response::json('response', 200, array('Access-Control-Allow-Origin' => 'http://domain'));
When I use a combination of basic auth and the CORS response I still get a CORS error. If I drop the auth then the CORS works. If I place my request on the same domain then the basic auth works... Its almost like the combination of both doesnt work.
Ultimately what im trying to achieve is that authentication is approved and I then specify the CORS allowed domain which is a value associated to the user in the DB...
I just read this post and it seems like there is a problem with Laravel regarding this?: http://laravel.io/forum/03-28-2014-how-to-handle-cors
A solution is marked in that post to use laravel-cors. I've also used it before and it worked in my case.
If you happen to know angularjs or something similar, try using that instead of laravel for front end, but keep in mind that web crawlers can have problems indexing those pages.
pogachar said:
A solution is marked in that post to use laravel-cors. I've also used it before and it worked in my case.
If you happen to know angularjs or something similar, try using that instead of laravel for front end, but keep in mind that web crawlers can have problems indexing those pages.
You have no idea how much ive been struggling with this CORS problem... I use Firefox for my dev but decided to open Chrome and see if the problem I was having was not maybe a browser issue.
Firefox's handling of CORS errors in 1 word: sucks. So if you're having the same problems as ive been having for days rather use Chrome for any CORS dev as it has WAY more descriptive error handling and I actually managed to fix my problem.
I had my header declared "twice" in all my fiddling so there was some kinda of issue there + I didnt switch supportsCredentials to true on the laravel-cors package config and I was setting withCredentials: true on my AJAX request... Its highly unlikely I would have figured out those problems without some kinda of descriptive error. Thanks Firefox/Firebug for wasting days of my life! Altho I will still continue dev in Firefox ill check console errors on Chrome on a regular basis...
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast