You can't share resources between two servers or domains, right? So, if you're stumped by this riddle, we've got a solution for you.

In this article, I'll show you how to enable and interact with CORS (Cross-Origin Resource Sharing) in Laravel. CORS can be installed and configured to fix the missing CORS header 'access-control-allow-origin' issue.

Generally, this problem happens when a request is made from a different server or origin due to a lack of security consensus between two servers. We normally get a warning that says "No 'Access-Control-Allow-Origin' header is present on the requested page." CORS is a protocol that allows two domains to communicate with each other.

CORS (cross-origin resource sharing) is a method that permits restricted web page resources to be requested from a domain other than the one that supplied the first resource.

Table of Content

  1. Laravel CORS Example
  2. CORS Middleware Nitty-Gritty
  3. Create API in Laravel
  4. Make Http GET Request with AJAX
  5. Malevolent Laravel CORS Error
  6. Installing CORS Package in Laravel
  7. Registering CORS Middleware

1. laravel CORS Example

How can you make your REST API backend CORS compliant? We must first install a new Laravel application.

composer create-project laravel/laravel laravel-cors-tutorial --prefer-dist

Add the following to the project folder:

cd laravel-cors-tutorial

If you already have the app installed, skip this step and run the command to begin testing CORS in the Laravel app.

php artisan serve

2. CORS Middleware Nitty-Gritty

The config/cors.php file is generated along with the new app installation. Laravel supports the following cors setups.

  • CORS configuration paths
  • Allowed methods
  • Allowed origins patterns
  • Allowed headers
  • Exposed headers
  • Max age
  • Supports credentials

return [
    | Cross-Origin Resource Sharing (CORS) Configuration
    | Here you may configure your settings for cross-origin resource sharing
    | or "CORS". This determines what cross-origin operations may execute
    | in web browsers. You are free to adjust these settings as needed.
    | To learn more:
    'paths' => ['api/*'],
    'allowed_methods' => ['*'],
    'allowed_origins' => ['*'],
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['*'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => false,

3. Create API in Laravel

We need one to enable CORS in API, thus go to routes/api.php and paste in the code below.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
| API Routes
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
Route::get('/demo-url',  function  (Request $request)  {
   return response()->json(['Laravel CORS Demo']);

4. Make Http GET Request with AJAX

AJAX will be used to send the Http GET request. Create a new HTML template and call it demo.html. To receive the response, use the jQuery CDN link, define the AJAX method, and pass the Laravel API.

<!doctype html>
<html lang="en">
    <!-- Required meta tags -->
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <!-- Bootstrap CSS -->
    <link rel="stylesheet" href=""
        integrity="sha384-JcKb8q3iqJ61gNV9KGb8thSsNjpSL0n8PARn9HuZOnIxN0hoP+VmmDGMN5t9UJ0Z" crossorigin="anonymous">
    <title>Laravel CORS Middleware Demo</title>
    <script src="[email protected]/dist/jquery.min.js"></script>
            type: "GET",
            dataType: "json",
            url: 'http://localhost:8000/demo-url',
            success: function (data) {


5. Malevolent Laravel CORS Error

Because we have two separate domains attempting to exchange data, a CORS related error (No 'Access-Control-Allow-Origin' header is present on the requested resource.) happened. And, yeah, we haven't even turned on CORS.

Access to XMLHttpRequest at 'http://localhost:8000/demo-url' from origin 'null'
has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is
present on the requested resource.

6. Installing CORS Package in Laravel

Now that we know what the problem is, we can focus on treating it. Simply install the fruitcake/laravel-cors package using Composer.

composer require fruitcake/laravel-cors

7. Registering CORS Middleware

In your Laravel application, we've included the crucial CORS (Cross-Origin Resource Sharing) headers support. Now we must set it up in our application.

Finally, in the app/Http/Kernel.php file, add the FruitcakeCorsHandleCors class at the top of the $middleware array to enable CORS for all our routes.

protected $middleware = [
    // ...
    // ...

To deal with resource sharing on several domains, we implemented CORS in Laravel.

I hope you will like the content and it will help you to learn laravel CORS Example: How to Enable CORS in Laravel?
If you like this content, do share.

Recommended Posts

View All

Recommended Posts

View All

Laravel 9 Highcharts Example Tutorial

In this tutorial, I'll give you an example of how to use highchart js to construct a highchart in a laravel 9 application.

How to install Adminer in Laravel application

In this article we will install Adminer in Laravel 8 application

Laravel 9 Captcha Tutorial – Create Captcha in Laravel

A CAPTCHA is a challenge-response test used in computing to determine if a user is human. It is an abbreviation for the Completely Automated Public Tu...

Laravel 9 Upload image using Summernote editor

A basic Javascript package called Summernote Editor can be used to create online WYSIWYG web editors.

How To Create Url Shortener In Laravel 9 Application

How to create a URL shortener tool using Laravel 9's short URL package, similar to or