I am coding a Angular 6 / Lumen 5.7 Application
Lumen app is in a AWS server --> https://api.kendozone.com
Angular app is hosted by github pages --> https://v2.kendozone.com
It works great in local, but when I push it to production, I can't get rid of CORS issue, when I try to make a login post, I get:
Access to fetch at 'https://api.kendozone.com/auth/login' from origin 'https://v2.kendozone.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
api.kendozone.com/auth/login:1 Failed to load resource: the server responded with a status of 504 (Gateway Timeout)
I already tried several things:
https://www.codementor.io/chiemelachinedum/steps-to-enable-cors-on-a-lumen-api-backend-e5a0s1ecx
https://gist.github.com/danharper/06d2386f0b826b669552
I now removed all those scripts, and installed a lumen package:
https://github.com/barryvdh/laravel-cors
Now, I don't have any idea left... What should I do ???
It seems to me that the simplest way would be to define a Access-Control-Allow-Origin header on your lumen application allowing access from https://v2.kendozone.com.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS for exact formatting and possibilities.
The problem you may be running into is that your cors configuration does not send back those headers on the OPTIONS request before your actual request, or there is a redirection before hitting the actual lumen endpoint that is stripping the headers.
The method you posted at https://www.codementor.io/chiemelachinedum/steps-to-enable-cors-on-a-lumen-api-backend-e5a0s1ecx should work. Please make sure the Access-Control-* headers are sent back for all your requests.