How to organize secure Vue-Laravel requests?

M

mazahaler2019-09-22 14:07:10

CORS

mazahaler, 2019-09-22 14:07:10

Hello, I'm just learning Vue and decided to start by making an authentication system (registration, login, etc.).
Requests are sent from Vue to Laravel, and I had to put these things in Laravel routes/api.php before the routes:
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, X-Auth-Token, Origin, Authorization');
header('Access-Control-Expose-Headers: Authorization');
for the reason that when I sent requests, an error related to CORS popped up. Googled that you need to insert these lines, but did not understand the issue of security.
Question: Is it safe to use the lines above? If not, what would you advise to avoid errors related to CORS

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

J

JhaoDa, 2019-09-22
@mazahaler

There's no way to say "is it safe to use the lines above" because it's your application and your logic.
But at least Access-Control-Allow-Origin: *nullifies the whole point of CORS.