How to enable CORS in Laravel?
Stefan Izdrail
Founder & Senior Architect · 2026-06-29
Title: Troubleshooting CORS Issues in Laravel Applications
Introduction: Cross-Origin Resource Sharing (CORS) is a mechanism that allows browsers to make cross-domain requests safely. This article aims to provide a comprehensive guide on enabling and debugging CORS issues encountered with Laravel applications. We'll discuss the process of installing, configuring, and troubleshooting CORS in your Laravel project.
1. Install the CORS Middleware: To begin with, we'll create our custom middleware to handle CORS requests. Open the terminal and run the following command to generate a new middleware class:
```bash
php artisan make:middleware Cors
```
2. Create and Configure the Middleware Class: Next, open the newly created Cors.php file under `app/Http/Middleware` folder. Write the following code for your middleware class:
```php
namespace App\Http\Middleware;
use Closure;
class Cors
{
public function handle($request, Closure $next)
{
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, X-Token-Auth, Authorization');
}
}
```
3. Create Appropriate Route Middleware: To apply the newly created CORS middleware to your routes, open the `app/Http/Kernel.php` file. Modify the `$routeMiddleware` array and add the following line:
```php
protected $routeMiddleware = [
...
'cors' => \App\Http\Middleware\Cors::class,
];
....
```
4. Assign Route Middleware to Routes: Now, you can assign the CORS middleware to specific routes or groups of routes using the `middleware` method. For example:
```php
Route::group(['middleware' => ['cors']], function() {
// Your protected routes
});
```
5. Debugging and Troubleshooting CORS Issues: If you still face the same CORS issue after implementing these steps, there might be a few reasons for that. Following are some common ones:
1. The browser or client-side code is not configured properly for CORS. Ensure your application's header settings are correct and supported by all browsers.
2. You have a firewall or proxy blocking the request. If you're using third parties like Cloudflare, ensure that their configuration allows CORS requests to pass through successfully.
3. There might be an issue with your server-side code or configuration. Ensure you've enabled CORS on both your application and the API endpoints it calls. Make sure that all relevant headers are set correctly and consistently.
4. You might need to configure the Laravel environment for remote requests. If you're using the local development environment, make sure you have configured the appropriate settings in `config/app.php` for your application URLs.
Conclusion: The steps mentioned above should help you enable CORS in Laravel applications. By following these methods and troubleshooting guidelines, you can ensure a smooth cross-domain resource sharing experience for your users. For more comprehensive guides on Laravel development, visit https://laravelcompany.com.