Call to undefined method Symfony\Component\HttpFoundation\Response::header()
Stefan Bogdanescu
Founder & Senior Architect · 2026-06-29
# Call to undefined method Symfony\Component\HttpFoundation\Response::header(): Debugging Middleware Header Issues in Laravel
As a senior developer, I often encounter subtle but frustrating errors when working with framework middleware, especially when integrating third-party packages like Laravel Passport. The error you are seeing—`Call to undefined method Symfony\Component\HttpFoundation\Response::header()`—points directly to an incompatibility or misunderstanding of how the response object is being manipulated within your specific Laravel/Symfony stack.
This post will dissect why this error occurs in your CORS middleware and provide the correct, modern way to set HTTP headers in a Laravel application, ensuring your API responses are handled robustly.
---
## Understanding the Error: Response Object Manipulation
The core issue lies in how you are attempting to modify the response object returned by `$next($request)`. In your middleware, you are correctly capturing the response from the subsequent route execution into the `$response` variable:
```php
$response = $next($request);
foreach ($headers as $key => $value)
$response->header($key, $value); // <-- Error occurs here
```
The error `Call to undefined method Symfony\Component\HttpFoundation\Response::header()` indicates that the specific object returned by `$next($request)` (which is an instance of `Symfony\Component\HttpFoundation\Response`) does not possess a method named `header()`. While this method existed in some older or different contexts, modern Laravel and Symfony applications prefer more explicit methods for setting headers on response objects.
This often happens because the way headers are set has evolved across framework versions or specific implementations of the underlying HTTP standard. When dealing with responses generated by Laravel's HTTP layer, direct calls to methods might be superseded by helper functions that ensure compatibility and adherence to the framework's conventions.
## The Solution: Using Idiomatic Laravel Response Methods
Instead of attempting to call a potentially undefined method directly on the `Response` object, we should leverage the established methods provided by the underlying framework to modify headers safely.
For adding custom response headers in Laravel, the most reliable approach is to use the `withHeader()` method or manipulate attributes if necessary. Since your goal is to add multiple CORS-related headers, using a loop combined with an appropriate method is key.
Here is the corrected implementation for your `Cors` middleware:
```php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Response;
class Cors
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
// ALLOW OPTIONS METHOD
$headers = [
'Access-Control-Allow-Origin' => '*',
'Access-Control-Allow-Methods' => 'POST, GET