No More Posting New Topics!

If you have a question or an issue, please start a thread in our Github Discussions Forum.
This forum is closed for new threads/ topics.

Navigation

    Quasar Framework
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search

    CORS: as been blocked by CORS policy: Response to preflight request doesn't pass access control check and Laravel 6

    Framework
    3
    4
    1482
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Castris
      Castris last edited by Castris

      I’m trying to log in using quasar-app-extension-auth-token-based over quasar 1.2.1 against a Laravel 6-based API with Passport.

      To keep up the problem I found the post that talked about Laravel-Cors, and even then, it doesn’t work for me.

      My app in quasar runs with quasar dev over a local port, but the API is in a virtual machine with a domain name.

      Access to XMLHttpRequest at 'http://albariddev.castris.develop/api/v1/login' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

      quasar.extensions.json

      {
  "auth-token-based": {
    "register_route": "/auth/register",
    "verification_route": "/auth/verify",
    "login_route": "/api/v1/login", // My API Route for login but on erro I see orginla rute of package /auth/login
    "password_forgot_route": "/auth/password/forgot",
    "password_reset_route": "/auth/password/reset",
    "fetch_user_route": "/auth/user",
    "superuser_functionality": true
  }
}

      On postman work fine.

      https://albariddev.castris.develop/api/v1/login?email=user@email.com&password=MyPassword

      {
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6ImNmMjFmYzFjYmEwZjhlNzIzYmRiMmFjMjBjMDk2MDE1YzUxNWUwZmNlOGM4OWM1NWU3Y2Q4MjhiNDBkZmUwNDJlN2RjMTVkZjQ1ZmJhNDkwIn0.eyJhdWQiOiIxIiwianRpIjoiY2YyMWZjMWNiYTBmOGU3MjNiZGIyYWMyMGMwOTYwMTVjNTE1ZTBmY2U4Yzg5YzU1ZTdjZDgyOGI0MGRmZTA0MmU3ZGMxNWRmNDVmYmE0OTAiLCJpYXQiOjE1NzEzNTE2NDYsIm5iZiI6MTU3MTM1MTY0NiwiZXhwIjoxNjAyOTc0MDQ2LCJzdWIiOiIxIiwic2NvcGVzIjpbXX0.YMHaYAu9OJ0Y63uEUh10A0W3HD4iCIMnq1vUlrD2hTgXYdVyISJ1QW1gjCDFD6foH21pdx71CXB3ibml-vzeVRnxnpWi9gI2jc6XOQvDRbpup6fDsrDZq1KIcgtZm_uEJQjvbgCYRd1x5OK7Lv_keoCAYySekx0vU4S4wNoT9btyiAX9Y7usXkVcuSYGwK4yaLdUyR2-AVR0uR3EcOK57liZ0m54e1jrcWbqi4mX5QWXoCMdglanJkvky49HRAdIswyCcRi5Xkemmk_31xi5gY9bzvaElnPRGSnloo4yv73CapVY0SDLbpBBeq6gLX9O05xNUBzU9c3NsvnoHhBQ8CGiTf3gs4fDLJ0_ZPnm2zR3MESFNuo7VD92OoNYRNIkbmUMXjAquwc50txASYRGWqS241H2Nh9q1Hb_-TnyOtwNONOmNzPOEokrKV4eRP5N5cqaR4KoFFXyQ7m-p_uVHEzRD7N5VFRnZ8X-2lz5hqKUzLXcfZEAvTHFv-2bZbourQGmhJkOvgvZCNHP7jQPvmVz2kD_oNS1onqkFNPoGZpEgiPgSlm7EoFKFc2bjzjnW8X2R4VhzijJVXIAKspH6ZOQsFD8QH3h5Sx9MNe5ZBnJ5SAQ3h_ztVAfe2Oa09OkW96AVoCG0dUKsL1jMacibE1rriW6E0XD0-6KBknRD4g",
    "token_type": "Bearer"
}

      Apreciate some help.

      metalsadman 1 Reply Last reply Reply Quote 0
      • metalsadman
        metalsadman @Castris last edited by

        @Castris there’s a laravel package that handles cors set it up in your server https://github.com/barryvdh/laravel-cors.

        1 Reply Last reply Reply Quote 0
        • Castris
          Castris last edited by

          I’ve installed this package and setup with the least sensitivity. That is why I am going here.

          'supportsCredentials' => false,
    'allowedOrigins' => ['*'],
    'allowedOriginsPatterns' => ['*'],
    'allowedHeaders' => ['*'],
    'allowedMethods' => ['*'],
    'exposedHeaders' => ['*'],
    'maxAge' => 0,
];

          In Kernel.php

          protected $middleware = [
...
\Barryvdh\Cors\HandleCors::class,
];

          Also tried to Disabling CSRF protection for my API

          App\Http\Middleware\VerifyCsrfToken:

          protected $except = [
    'api/*'
];

          That said, I think the best way would be to know if the package sends a token, in the same way as Postman does, but I can’t find a way to do it given the poor documentation of the package.

          1 Reply Last reply Reply Quote 0
          • qyloxe
            qyloxe last edited by

            Well, you can also set up a reverse proxy (openresty/nginx) and have CORS handled at that level. It would solve ALL the problems with EVERYTHING 🙂
            Where ALL==every access control request from client, and EVERYTHING==every api/rest/openapi/webservice/endpoint on backend side regardless of used technology (php, python, node, c#, etc.).

            1 Reply Last reply Reply Quote 0
            • First post
              Last post