Enable CORS in laravel 5.4

Enable CORS in Laravel 5.4.php

<?php
# File: app\Http\Middleware\CORS.php
# Create file with below code in above location. And at the end of the file there are other instructions also. 
# Please check. 

namespace App\Http\Middleware;

use Closure;

class CORS {

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next) {
//        return $next($request);
        header("Access-Control-Allow-Origin: *");

        // ALLOW OPTIONS METHOD
        $headers = [
            'Access-Control-Allow-Methods' => 'POST, GET, OPTIONS, PUT, DELETE',
            'Access-Control-Allow-Headers' => 'Content-Type, X-Auth-Token, Origin, Authorization'
        ];

        if ($request->getMethod() == "OPTIONS") {
            // The client-side application can set only headers allowed in Access-Control-Allow-Headers
            return \Response::make('OK', 200, $headers);
        }

        $response = $next($request);
        foreach ($headers as $key => $value)
            $response->header($key, $value);
        return $response;
    }
}

# File::  app\Http\Kernel.php
# Add following line in `protected $middleware` Array.
# \App\Http\Middleware\CORS::class

# And following in `protected $routeMiddleware` Array
# 'cors' => \App\Http\Middleware\CORS::class

use

$response = $next($request);
foreach ($headers as $key => $value)
     $response->headers->set($key, $value); 
return $response;

instead of

$response = $next($request);
foreach ($headers as $key => $value)
     $response->header($key, $value);
return $response;

because it throws an exception of not getting header method symphony component! like
"Call to undefined method Symfony\Component\HttpFoundation\Response::header()"

Great way to do it! I'm really glad you posted this file. And it makes it really easy to eliminate methods you don't want CORS on.

The best CORS solution I found for Laravel!

REALLLY THANK YOU!

Wow,.. and magic happen ,..... Thanks

You've saved my life !!! thanks mate !!

Beware: this allows clients from any domain, the *-value, to access the application. This may be acceptable for public API's. For other applications you would normally restrict access and only grant access to domains you control or allow access.

Very good and small solution. Thanks!

I embeded this code. But there's what I got as an error message. What should I do? Thank you!! :

1/1) ReflectionExceptionClass App\Http\Middleware\CORS does not exist

in Container.php (line 729)
at ReflectionClass->__construct('App\Http\Middleware\CORS')in Container.php (line 729)
at Container->build('App\Http\Middleware\CORS')in Container.php (line 608)
at Container->resolve('App\Http\Middleware\CORS')in Container.php (line 575)
at Container->make('App\Http\Middleware\CORS')in Application.php (line 728)
at Application->make('App\Http\Middleware\CORS')in Pipeline.php (line 138)
at Pipeline->Illuminate\Pipeline{closure}(object(Request))in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing{closure}(object(Request))in TransformsRequest.php (line 30)
at TransformsRequest->handle(object(Request), object(Closure))in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline{closure}(object(Request))in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing{closure}(object(Request))in TransformsRequest.php (line 30)
at TransformsRequest->handle(object(Request), object(Closure))in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline{closure}(object(Request))in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing{closure}(object(Request))in ValidatePostSize.php (line 27)
at ValidatePostSize->handle(object(Request), object(Closure))in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline{closure}(object(Request))in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing{closure}(object(Request))in CheckForMaintenanceMode.php (line 46)
at CheckForMaintenanceMode->handle(object(Request), object(Closure))in Pipeline.php (line 148)
at Pipeline->Illuminate\Pipeline{closure}(object(Request))in Pipeline.php (line 53)
at Pipeline->Illuminate\Routing{closure}(object(Request))in Pipeline.php (line 102)
at Pipeline->then(object(Closure))in Kernel.php (line 151)
at Kernel->sendRequestThroughRouter(object(Request))in Kernel.php (line 116)
at Kernel->handle(object(Request))in index.php (line 53)

@Aaituov you have to dump autoload:
composer dump-autoload

Why is the "Access-Control-Allow-Origin" header added via header() function and not as the others?

Easy and good solution; Thanks

The best solution that i found until now.. it works perfectly.. Thanks a Lot Dude..

By far best solution, was running into random/sporadic issues with Barry's laravel-cors, found this and worked perfectly every time.

👍

had the same error. i run auto load but still can't work it out

ReflectionExceptionClass App\Http\Middleware\CORS does not exist

Thanks mate!
Wasted hours to find a solution for this...

thanks get it working namespace was the issue

hey guys does anyone knows how to tackle the issue of CSRF-TOKE I'll been trying to fixed this for days now but can't get through. I don't know what could be wrong, im having this error. 500 (Internal Server Error) . im runing laravel 5.4 here's is the bit of ajax code.

var requestData= JSON.stringify(dataArray);

$.ajaxSetup({
headers:{'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')},

	}); 
	  $.ajax({
		  data:{"data":requestData, "method":'POST',"_token":'{{csrf_token()}}'},
	 type:"POST",
	url: "result",
	dataType:"JSON",
	 success: function(data) {
         $("#tb1").html(data);
		 
     } 
	   
 });  

Awesome.

But I had to remove

header("Access-Control-Allow-Origin: *");

and add it to

$headers = [
        "Access-Control-Allow-Origin"   => "*",
        // Other Options
];

instead to make it work with my tests.

Awesome... Thanks mofrubel, this works for me too