kelvo kelvo - 3 months ago 25
PHP Question

laravel handling the OPTION http method request

I am developing an angularjs app which uses laravel as its back end server.
I am having trouble accessing data from laravel since before each GET request, angular first sends an OPTION request as below

OPTIONS /61028/index.php/api/categories HTTP/1.1
Host: localhost
Connection: keep-alive
Cache-Control: max-age=0
Access-Control-Request-Method: GET
Origin: http://localhost:3501
Access-Control-Request-Headers: origin, x-requested-with, accept
Accept: */*
Referer: http://localhost:3501/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: UTF-8,*;q=0.5

I have tried to respond this by adding the following code in the before filter

if (Request::getMethod() == "OPTIONS") {
$headers = array(
'Access-Control-Allow-Origin' =>' *',
'Access-Control-Allow-Methods'=>' POST, GET, OPTIONS, PUT, DELETE',
'Access-Control-Allow-Headers'=>'X-Requested-With, content-type',);
return Response::make('', 200, $headers);

This creates a response with the headers

Content-Encoding: gzip
X-Powered-By: PHP/5.3.5-1ubuntu7.11
Connection: Keep-Alive
Content-Length: 20
Keep-Alive: timeout=15, max=97
Server: Apache/2.2.17 (Ubuntu)
Vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: X-Requested-With, content-type

Although the headers are set, the browser still throws an error

XMLHttpRequest cannot load http://localhost/61028/index.php/api/categories. Origin http://localhost:3501 is not allowed by Access-Control-Allow-Origin.

I have also tried setting the allow origin to the origin presented in the request header as below

//then within the headers
'Access-Control-Allow-Origin' =>' '.$origin[0],

and still the same error
What am i doing wrong? Any help is greatly appreciated.

Edit 1

I am currently using a very ugly hack where i over-ride laravels initialization when an OPTIONS request is received. This i have done in the index.php

header('Access-Control-Allow-Origin : *');
header('Access-Control-Allow-Methods : POST, GET, OPTIONS, PUT, DELETE');
header('Access-Control-Allow-Headers : X-Requested-With, content-type');
* Laravel - A PHP Framework For Web Artisans
* @package Laravel
* @version 3.2.13
* @author Taylor Otwell <>
* @link

I also had to add the allow-origin header to the before filter.

I know this is not smart but it is my only solution for now


This is with reference to your question regarding the above issue. You did not mention the version of laravel and angularJS. I assume you are using lattest angularJS and Laravel. I also assume, the angular is hosted on http://localhost:3501 and the laravel is hosted on http://localhost Just follow the below steps.

  • Put below code block in /public/.htaccess file of laravel

    Header set Access-Control-Allow-Origin "http://localhost:3501"
    Header set Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS"
    Header set Access-Control-Allow-Credentials "true"
  • Put below line in config of angular

    $httpProvider.defaults.withCredentials = true;

Never use * as wild card character. Larvel can not identify the domain for session management. So set http://localhost:3501 as full domain name to Access-Control-Allow-Origin. I think these will help you.