No 'Access-Control-Allow-Origin'

[shijunti19]

XMLHttpRequest cannot load https://www.a031.com/oauth/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.

https://github.com/barryvdh/laravel-cors

public function boot() { $this->registerPolicies(); Passport::routes();

I should be how to solve

[Modelizer]

You need to configure Nginx to accept CROS request. checkout http://enable-cors.org/server_nginx.html need to specify which domain should be accepted for CROS flight request Access-Control-Allow-Origin or you can pass * for every domain request.

[shijunti19]

@Modelizer I just want to specify the route;
Ideally:
Passport::routes(); should be placed in routes/web.php
cors：https://github.com/barryvdh/laravel-cors
Route::group(['middleware' => 'cors'], function($router){
Passport::routes();
});

If so,I am not sure if I can do it well.

[Modelizer]

Can this problem will be easily be solved by adding this code snippet in Nginx conf?

#
# Wide-open CORS config for nginx
#
location / {
     if ($request_method = 'OPTIONS') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        #
        # Custom headers and headers various browsers *should* be OK with but aren't
        #
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        #
        # Tell client that this pre-flight info is valid for 20 days
        #
        add_header 'Access-Control-Max-Age' 1728000;
        add_header 'Content-Type' 'text/plain charset=UTF-8';
        add_header 'Content-Length' 0;
        return 204;
     }
     if ($request_method = 'POST') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
     }
     if ($request_method = 'GET') {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
     }
}

[danidelgadoz]

I use 'barryvdh/laravel-cors'. And I'm calling from angular app, and this worked for me:
fruitcake/laravel-cors#243

[ankgne]

I was facing this issue while using passport authentication from my angular front end application and resolved it by following below steps:

1. Adding oauth path as shown below in config/cors.php
   'paths' => ['api/*', 'oauth/*'],
2. Using below values in AuthServiceProvider.php
   Passport::routes(null, ['middleware' => [ \Fruitcake\Cors\HandleCors::class ]]);
   instead of
   Passport::routes();
3. Refreshing the config cache
   php artisan config:clear

[FadilaNuzha]

@ankgne thanks, this worked for me after spending almost 4 hours.

[rogervila]

In my case the issue was Inertia redirecting to the callback URL via AJAX.

I solved it by modifying the HandleInertiaRequests middleware: inertiajs/inertia-laravel#323