Recently we released laravel-cors. This package can add the necessary CORS headers to your Laravel app. In this post I'd like to give a quick explanation of what CORS is and how you can use the package.
What is CORS
Simple requests
GET or certain POST request (with text/plain to domain Y the browser will add an Origin header. The application running on domain Y can use this header to check if the request is permitted. If the server responds with an Access-Control-Allow-Origin header containing domain X, then the browser will conclude that the request was allowed. If the server didn't do that, most browsers won't allow the JS on domain X to perform any requests towards domain Y.
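The exchange described above, modelled from both sides as an added example (not code from laravel-cors or from the original post). The allowlist, the sample origins and both function names are assumptions made for illustration.

```javascript
// Added example: the simple-request exchange between domain X and domain Y.
// ALLOWED_ORIGINS and the function names are hypothetical; the origins are
// constructed sample values.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Server side (domain Y): decide which CORS headers to attach to a response.
// requestHeaders uses lower-cased header names, as Node's http module does.
function corsHeadersFor(requestHeaders) {
  const origin = requestHeaders['origin'];

  // No Origin header: the browser did not mark this as cross-origin.
  if (origin === undefined) return {};

  // Exact comparison against the allowlist. Prefix or substring matching
  // would also accept look-alike origins such as
  // https://app.example.com.other.test.
  if (!ALLOWED_ORIGINS.has(origin)) {
    // Vary keeps shared caches from reusing this response for another origin.
    return { 'Vary': 'Origin' };
  }

  return { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
}

// Browser side (domain X): may the page's script read the response?
// By this point the simple request has already been sent; the browser only
// decides whether to hand the response to the script.
function browserAllowsRead(pageOrigin, responseHeaders) {
  const allowed = responseHeaders['Access-Control-Allow-Origin'];
  return allowed === '*' || allowed === pageOrigin;
}

// One full round trip: the browser adds Origin, the server answers, and the
// browser checks the answer.
function roundTrip(pageOrigin) {
  const responseHeaders = corsHeadersFor({ origin: pageOrigin });
  return browserAllowsRead(pageOrigin, responseHeaders);
}

console.log(roundTrip('https://app.example.com'));            // allowlisted origin
console.log(roundTrip('https://app.example.com.other.test')); // look-alike origin
```

Because the simple request reaches the server either way, the CORS headers only control whether the script may read the response; the endpoint still needs its own authorization checks.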
All other requests
All requests covered by the previous section will probably only be used to retrieve some data. All other ones such as certain DELETE will probably modify existing data on the server. For those kinds of requests the browser will send a preflight request before doing the actual request.
This preflight request using the