Laravel API - AngularJS: Access-Control-Allow-Origin Error

- 1 answer

Hello stackoverflowers!

I have a hard time to get Angular and Laravel working together. I want to use Angular separately from Laravel. I have setup 2 domains and using forge. When i want to send requests from my or localhost to my i got a 'Access-Control-Allow-Origin' (=CORS?) error.


XMLHttpRequest cannot load Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8888' is therefore not allowed access.

I googled for hours but i can't figure it out. I already tried adding CORS middleware to Laravel but that has no effect.

        return $next($request)
            ->header('Access-Control-Allow-Origin', '*')
            ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
            ->header('Access-Control-Max-Age', '1000')
            ->header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With');

Error is still being showed. The weird part is that get request are allowed, only post requests are not allowed for some reason.

enter image description here

Normally i use APACHE as server but Laravel Forge is using nginx. Does this has something todo with nginx?

My nginx config file:

server {
listen 80;
root /home/forge/;

# ssl_certificate;
# ssl_certificate_key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

index index.html index.htm index.php;

charset utf-8;

location / {
    try_files $uri $uri/ /index.php?$query_string;

location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt  { access_log off; log_not_found off; }

access_log off;
error_log  /var/log/nginx/ error;

error_page 404 /index.php;

location ~ \.php$ {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
location ~ /\.ht {
    deny all;


Can anyone help me out? Would be awesome!



Try This , it worked well for me

header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');