The error message “Cross-Origin Request Blocked: The Same Origin Policy disallows reading the…

2 min readMar 3, 2023

The error message “Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource” usually occurs when you are making an AJAX request from a different domain or port than the one where the web application is hosted.

This security measure is in place to prevent malicious scripts from accessing sensitive information from other websites without the user’s knowledge.

To resolve this issue, you can try one or more of the following solutions:

Add the appropriate CORS headers on the server-side: You need to add CORS headers to allow requests from specific origins or all origins. To enable CORS in Laravel, you can add the following middleware to your app/Http/Kernel.php file:

protected $middleware = [
    // ...
    \App\Http\Middleware\Cors::class,
];

Then create a new middleware file app/Http/Middleware/Cors.php and add the following code:

<?php

namespace App\Http\Middleware;

use Closure;

class Cors
{
    public function handle($request, Closure $next)
    {
        $headers = [
            'Access-Control-Allow-Origin'      => '*',
            'Access-Control-Allow-Methods'     => 'POST, GET, OPTIONS, PUT, DELETE',
            'Access-Control-Allow-Credentials' => 'true',
            'Access-Control-Max-Age'           => '86400',
            'Access-Control-Allow-Headers'     => 'Content-Type, Authorization, X-Requested-With'
        ];

        if ($request->isMethod('OPTIONS'))
        {
            return response()->json('{"method":"OPTIONS"}', 200, $headers);
        }

        $response = $next($request);
        foreach($headers as $key => $value)
        {
            $response->header($key, $value);
        }

        return $response;
    }
}

2. Use a reverse proxy: If the web application is hosted on a different domain, you can use a reverse proxy like Nginx or Apache to proxy the requests to the Laravel application. The proxy server will add the CORS headers to the response.

3. Use JSONP: If you are making requests to a third-party API that does not support CORS, you can use JSONP instead. JSONP is a technique where you add a callback parameter to the URL, and the server wraps the response in a function call. However, this technique has some limitations and is not suitable for all use cases.

I hope this helps you resolve the issue. Let me know if you have any further questions.

Written by Serghei Pogor

Responses (1)