No 'Access-Control-Allow-Origin' header - Laravel 5.4

XMLHttpRequest cannot load http://myapi/api/rating. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8104' is therefore not allowed access. The response had HTTP status code 403.

I can't figure out why I can't make CORS requests. I've installed the middleware here, added it to the global HTTP kernel, but it still doesn't work. I tried to create a custom middleware following Stack Overflow suggestions, but that also did not work. I also tried adding a Route group. Lastly, I tried setting the response headers manually in the request action. I'm really stuck - help is appreciated!

See for code:

If you are using Laravel 5.5 or Laravel 5.x and are facing the same problem (No 'Access-Control-Allow-Origin' header is present on the requested resource), just use the following package and configure your system.

Step 1:

composer require barryvdh/laravel-cors

Step 2

You also need to add Cors\ServiceProvider to your config/app.php providers array:


To allow CORS for all your routes, add the HandleCors middleware in the $middleware property of app/Http/Kernel.php class:

For global uses:

protected $middleware = [
    // ...
    \Barryvdh\Cors\HandleCors::class,
];

For middleware uses:

protected $middlewareGroups = [
    'web' => [
        // ...
        \Barryvdh\Cors\HandleCors::class,
    ],

    'api' => [
        // ...
        \Barryvdh\Cors\HandleCors::class,
    ],
];

Step 3

Once your installation is complete, run the command below to publish the vendor files.

php artisan vendor:publish --provider="Barryvdh\Cors\ServiceProvider"

Hope this answer helps someone facing the same problem as myself.


The laravel-cors package allows you to send Cross-Origin Resource Sharing headers with Laravel middleware configuration.


  • Handles CORS pre-flight OPTIONS requests
  • Adds CORS headers to your responses


Laravel restricts cross-origin requests by default due to security issues. We need to create a Cors middleware to accept requests from a different origin.

Step 1 : Create Cors middleware.

php artisan make:middleware Cors

Step 2 : Add below lines in handle function before return.

//header('Access-Control-Allow-Origin:  *');
header('Access-Control-Allow-Origin:  http://localhost:4200');
header('Access-Control-Allow-Headers:  Content-Type, X-Auth-Token, Authorization, Origin');
header('Access-Control-Allow-Methods:  POST, PUT');

Step 3 : Register the middleware in app/Http/Kernel.php file.

Add below line in $middleware array 


Step 4 : Now we have to call the middleware in app/Http/Kernel.php file

Add below line in $routeMiddleware array 

'cors' => \App\Http\Middleware\Cors::class,
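
A stricter variant of the Cors middleware from the steps above, as an added example that is not part of the original answer: it echoes the request's Origin only when it matches an allow-list instead of sending `*`, answers the preflight itself, and sets `Vary: Origin`. The entries in `$allowedOrigins` are assumptions taken from the localhost URLs that appear on this page.

```php
<?php

namespace App\Http\Middleware;

use Closure;

class Cors
{
    // Assumed allow-list: exact origin strings (scheme + host + port).
    private $allowedOrigins = [
        'http://localhost:4200',
        'http://localhost:8104',
    ];

    public function handle($request, Closure $next)
    {
        $origin  = $request->headers->get('Origin');
        $allowed = $origin !== null
            && in_array($origin, $this->allowedOrigins, true);

        // A preflight is an OPTIONS request carrying Access-Control-Request-Method.
        // Answer it here so it never reaches authentication middleware.
        $isPreflight = $request->isMethod('OPTIONS')
            && $request->headers->has('Access-Control-Request-Method');

        $response = ($allowed && $isPreflight)
            ? response('', 204)
            : $next($request);

        // The response differs per Origin, so shared caches must key on it.
        $response->headers->set('Vary', 'Origin', false);

        if ($allowed) {
            // headers->set() works on every Symfony response type,
            // including file downloads and redirects.
            $response->headers->set('Access-Control-Allow-Origin', $origin);
            $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
            $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, X-Auth-Token, Authorization, Origin');
        }

        // Origins that are not on the list get no CORS headers at all,
        // so the browser blocks the cross-origin read.
        return $response;
    }
}
```

Register the class in the global `$middleware` array: Laravel answers OPTIONS for a route with no OPTIONS handler through an implicit route that does not carry that route's middleware, so a `cors` alias applied per route never sees the preflight.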


OK, here is my try. If I post to a protected API using a wrong token, Passport returns 401 with {"message":"Unauthenticated."}

But because no CORS header exists on the response, my Vue app gets a CORS error and cannot handle the response code.

So in Laravel 5.8, in Http/Kernel.php, add \Barryvdh\Cors\HandleCors::class to $middlewarePriority before \App\Http\Middleware\Authenticate::class

Here is my code:

protected $middlewareGroups = [
    'web' => [
        // ...
        // \Illuminate\Session\Middleware\AuthenticateSession::class,
        // ...
    ],

    'api' => [
        // ...
    ],
];

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,

    // Add Localization MiddleWare
    'Localization' => \App\Http\Middleware\localization::class,
    'cors' => \Barryvdh\Cors\HandleCors::class,
];

protected $middlewarePriority = [
    // ...
    // add to handle CORS before authenticate
    \Barryvdh\Cors\HandleCors::class,
    \App\Http\Middleware\Authenticate::class,
    // ...
];

Hope this helps someone else.


I faced this error in Laravel 5.4 recently. I was sending an AJAX POST request to my own website and was still getting this same error. To be precise, I faced this error for two reasons.

error: XMLHttpRequest cannot load https://[mydomain].com/quote/short. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://[mydomain].com' is therefore not allowed access.

The reason for the above error was that I was posting the request to the http domain from the https domain, so when I changed it to https, the error was resolved. Then I got the same error again for a similar reason: this time, the domain had www. and the requested one did not. After I added www. to both, it worked like a charm.

And for cross-origin requests, I used the following solution:

  1. Create a middleware (cors in my case) having the code below

    return $next($request)
        ->header('Access-Control-Allow-Origin', '*')
        ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');

  2. Insert the middleware into the routeMiddleware array in Kernel.php

    'cors' => \App\Http\Middleware\Cors::class,

  3. Add the middleware to the respective route

    Route::get('myRoute', ['middleware' => 'cors' , 'uses'=> 'MyController@Action']);

Hope this answer helps someone facing the same problem as myself.
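
The http/https and www mismatches described in this answer, as an added example that is not part of the original post: a browser treats two URLs as the same origin only when scheme, host and port all match, and this script reports which component differs. The function names and the `example.test` / port 8000 URLs are constructed for illustration; PHP 7 or later is assumed.

```php
<?php

// Reduce an absolute URL to the tuple browsers compare for same-origin.
function originTuple(string $url): array
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException("Not an absolute URL: $url");
    }

    $scheme       = strtolower($parts['scheme']);
    $defaultPorts = ['http' => 80, 'https' => 443];

    return [
        'scheme' => $scheme,
        'host'   => strtolower($parts['host']),
        // An omitted port means the scheme's default port.
        'port'   => $parts['port'] ?? ($defaultPorts[$scheme] ?? null),
    ];
}

// Names of the components that differ; an empty array means same origin,
// in which case the browser performs no CORS check at all.
function originMismatch(string $pageUrl, string $requestUrl): array
{
    return array_keys(
        array_diff_assoc(originTuple($pageUrl), originTuple($requestUrl))
    );
}

// Constructed sample pairs: [page that runs the script, URL it requests].
$cases = [
    ['http://example.test/form',  'https://example.test/quote/short'],     // scheme differs
    ['https://www.example.test/', 'https://example.test/quote/short'],     // host differs
    ['http://localhost:8104/',    'http://localhost:8000/api/rating'],     // port differs
    ['https://www.example.test/', 'https://www.example.test/quote/short'], // identical origin
];

foreach ($cases as list($page, $target)) {
    $diff = originMismatch($page, $target);
    echo $page, ' -> ', $target, ': ',
        $diff ? 'cross-origin (' . implode(', ', $diff) . ')' : 'same origin',
        PHP_EOL;
}
```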


  • be simple, use this plugin:
  • I did, that is the middleware I mentioned (forgot to say). I added to the kernel as seen in my gist
  • how about to keep it like: 'middleware' => [\Barryvdh\Cors\HandleCors::class]
  • Alright, I removed the 'cors' registration and Cors class. Removed the Route group. Removed the request action headers. All I have is this for the Kernel: protected $middleware = [ ... \Barryvdh\Cors\HandleCors::class ]; Still no luck :(
  • Solved my problem on this: I didn't add "Barryvdh\Cors\ServiceProvider::class" to the config/app.php providers array.
  • TY = Thank You bro, I had the same problem.!!
  • Thanks, this was the only thing that worked for me. I believe the other answers (or stuff I've seen online) don't mention the fact that we need to add the middleware to the $middleware array.
  • Thank You So Much Without using any package it did the work..
  • Thanks a lot for your help!
  • Might be worth quoting the actual code snippets from the post you linked, in case it goes away.
  • Great story but this is a coding site, therefore, you have to know how to code before answering questions.