How to win / disable cross-domain request check?

I

IvanKalinin2015-07-12 05:03:00

Angular

IvanKalinin, 2015-07-12 05:03:00

All the best.
I'm trying to figure out a bunch of Laravel + AngularJS.
Laravel installed on localhost, then put the angular app in the public folder using the yeoman generator. I run my Angular app using grunt serve to autocompile sass and debug. In fact, the application opens on localhost:9000/#
When trying to write something like $http.get(' localhost/api/...... browsers swear at the absence of the CORs header.
How to get around?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

_

_ _, 2015-07-12
@IvanKalinin

If you do not plan to subsequently use the API from the "left" domains, then you can simply start Chrome with the security policy disabled.
On OS X, it's done like this:

$ open -a Google\ Chrome --args --disable-web-security

R

romach3, 2015-07-12
@romach3

Pass the necessary headers) To do this, you can connect the package:
https://github.com/barryvdh/laravel-cors
Or just create a middleware that will add them to the response and hang it on the necessary routes , something like this:

namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Response;

class CORS {
    public function handle($request, Closure $next)
    {
        /** @var Response $response */
        $response = $next($request);
        return $response->header('Access-Control-Allow-Origin' , '*')
            ->header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE')
            ->header('Access-Control-Allow-Headers', 'Content-Type, X-Auth-Token, Origin');
    }
}

Please note that for POST / PUT / DELETE requests, the token is also checked, more about this in the documentation .