Laravel 8 redirecting to external url Not Working : Cors-CodePudding

Yes. I can't figure out after 2 days straight. I've tried so many ways to do this.

I can't redirect to an external URL. It says Cors policies.

Access to XMLHttpRequest at 'https://www.google.com/' (redirected from 'http://localhost:8888/api/products/kkk') from origin 'http://localhost:8888' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'http://localhost:8888' that is not equal to the supplied origin.

I'm using Laravel 8.

In config/cors.php:

<?php

return [

    // 'paths' => ['api/*', 'sanctum/csrf-cookie'],

    'paths' => ['*'],

    'allowed_methods' => ['*'],

    'allowed_origins' => ['*'],

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    'max_age' => 0,

    'supports_credentials' => false,

];

In controller:

redirect()->to('https://www.google.com')->send();
return Redirect::to('https://www.google.com');
return redirect('https://www.google.com');
return redirect()->away('https://www.google.com');

Either of the above doesn't solve the problem.

I've also tried adding custom cors middleware.

App\Http\Middleware\Cors.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class Cors
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        return $next($request)->header('Access-Control-Allow-Origin', '*');
    }
}

in Kernel.php: I added below line in the $routeMiddleware array.

'cors' => \App\Http\Middleware\Cors::class,

And, in api.php:

Route::middleware(['cors'])->group(function () {
    Route::post('/products/kkk', [StaffController::class, 'redirect_to_checkout']);
});

I've also tried running:

php artisan config:cache

CodePudding user response：

you can use response header

    return response()->header('Location','https://www.google.com');

or use code

return header('Location: https://www.google.com');

CodePudding user response：

If you are redirecting to Google then Google will not have your localhost origin allowed in their servers as (I'm assuming), you do not own those origins.

You need to set up a proxy server.

Rather than the browser sending a request to your target server directly, the browser would send the request to a CORS proxy with your target URL, which might look like https://proxy.example/https://other.example (using the target URL as a path).

The CORS proxy then forwards the request to the real server, and then returns the response plus the correct CORS headers.

Check out this Github repo for setting up PHP CORS proxy servers to accomplish this.

Why does this work? Because it is only the browser that makes preflight requests to verify the CORS policy, routing the browsers requests to a browserless proxy server to make the requests for you essentially circumvents these checks.

Important Note! This only works for publicly accessible sites that the CORS proxy can directly access from wherever it's hosted (no credentials required).

In your case, the target origin is google.com so you wont have an issue with that.

Hope this helps, as someone who has been pulling their hair out for the past couple days because of CORS (and getting my CORS question insta-downvoted like many other CORS related questions), I can sympathise with your frustration.