I am attempting to create a User via a POST request to my Laravel 4 API from an external site. I've added the following code to my app/filters.php file:
App::before(function($request)
{
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
header('Access-Control-Allow-Origin', 'http://www.myexternalsite.net');
header('Allow', 'GET, POST, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Headers', 'Origin, Content-Type, Accept, Authorization, X-Request-With');
header('Access-Control-Allow-Credentials', 'true');
exit;
}
});
App::after(function($request, $response)
{
$response->headers->set('Access-Control-Allow-Origin', 'http://www.myexternalsite.net');
$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
$response->headers->set('Access-Control-Allow-Headers', 'Origin, Content-Type, Accept, Authorization, X-Requested-With');
$response->headers->set('Access-Control-Allow-Credentials', 'true');
$response->headers->set('Access-Control-Max-Age','86400');
return $response;
});
when I run my dev tools on the POST request from http://www.myexternalsite.net I get the following warning message:
event.returnValue is deprecated. Please use the standard event.preventDefault() instead. main-built.js:6
and the following error messages:
OPTIONS http://api.mywebsite.com/users 500 (Internal Server Error) main-built.js:7
OPTIONS http://api.mywebsite.com/users No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.myexternalsite.net' is therefore not allowed access. main-built.js:7
Am I missing something?
The first error is strictly a client-side javascript error. The error description means exactly what it says. You should update your js appropriately.
The second set of error message probably related to the fact you are making a cross-domain request for a javascript file which is not subject to your headers being sent by PHP. You would need to configure CORS on webserver for such endpoint