Example 1: has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Credentials", "true");
response.setHeader("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT");
response.setHeader("Access-Control-Allow-Headers", "Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers");
Example 2: been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
My issue was the remote server not responding to OPTIONS requests,
so after fiddling about with requests and headers for what seemed
like ages I resolved it by removing the headers
Content-Type and Access-Control-Allow-Origin
Example 3: Angular Laravel has been blocked by CORS policy: Request header field x-requested-with is not allowed by Access-Control-Allow-Headers in preflight response.
namespace App\Http\Middleware;
use Closure;
class Cors
{
public function handle($request, Closure $next)
{
$response = $next($request);
$response->header('Access-Control-Allow-Methods', 'HEAD, GET, POST, PUT, DELETE');
$response->header('Access-Control-Allow-Headers', $request->header('Access-Control-Request-Headers'));
$response->header('Access-Control-Allow-Origin', '*');
return $response;
}
}
Example 4: Access to XMLHttpRequest at 'http://localhost/MySQL_pracs/InsertUser.php' from origin 'http://localhost:4200' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.
<?php
header('Access-Control-Allow-Headers: Content-Type');
-----
?>
Example 5: laravel Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on
Step 1 : Create Cors middleware.
php artisan make:middleware Cors
Step 2 : Add below lines in handle function before return.
header('Access-Control-Allow-Origin: http://localhost:4200');
header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Authorization, Origin');
header('Access-Control-Allow-Methods: POST, PUT');
Step 3 : Register the middileware in app/Http/Kernel.php file
Add below line in $middleware array
\App\Http\Middleware\Cors::class,
Step 4 : Now we have to call the middleware in app/Http/Kernel.php file
Add below line in $routeMiddleware array
'cors' => \App\Http\Middleware\Cors::class,
Using the * works rather than the host origin. Was missing the Cors.php middleware in the array as well