Solved: Mashup Laravel app cors error - Qlik Community

mike_ren · ‎2019-01-31

I have created a laravel app that uses qlik sense as it was provided by the dev hub console using require js. It was working but we have upgraded the qlik version and now it is getting the following response error

has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status

I have seen the question posed before and the solution was to Access-Control-Allow-Origin: * but this has not solved the issue

the file that is throwing the error is product-info.json and then has this paremeter in the url after it: 1548948001449

Has anyone encountered this before and has any solutions on what could be causing the issue?

Update: It is working if I launch chrome with web security disabled

mike_ren · ‎2019-02-26

Yes, it turned out there was a cookie that laravel was creating called xsrf token or something similar to that was blocking the endpoint.

We solved it by commenting out the line '\App\Http\Middleware\VerifyCsrfToken::class,' in Kernel.php

View solution in original post

arodriguez5 · ‎2019-02-26

Hi, I have the same problem exactly, could you solve it?

mike_ren · ‎2019-02-26

Yes, it turned out there was a cookie that laravel was creating called xsrf token or something similar to that was blocking the endpoint.

We solved it by commenting out the line '\App\Http\Middleware\VerifyCsrfToken::class,' in Kernel.php

arodriguez5 · ‎2019-02-26

Thank you, thank you and thank you!!! I owe you a very big one !!
Have you had any problems related to integration?
Can we get in touch to share notes?
Thanks again

mike_ren · ‎2019-02-27

If you want to private message me with any other issues you've been having I'd be happy to see if I can help

arodriguez5 · ‎2019-02-27

Thx, this afternoon sent you private message

Barry_T · ‎2019-03-20

Hi,

I am having the exact same issue, however I have commented out that same line in kernel.php and it has not resolved the issue.

Can I ask, is this what you were seeing that was causing your issue?

Request Headers

Access-Control-Request-Headers: x-xsrf-token
Access-Control-Request-Method: GET

Since commenting out that line, they still appear in my requests, so I am wondering if there is something else I need to do as I am not using a standard install of Laravel. I am using LESK (http://lesk.it/)

Edit: Also, just something to note, CSRF is a security measure in Laravel, and probably shouldn't be disabled completely in a production environment. You can however disable it on specific routes by editing VerifyCsrfToken.php and adding the routes to the $except array.

    protected $except = [
        'reports/user'
    ];

Thanks,
Barry

mike_ren · ‎2019-03-22

Hi Barry,

Is it possible that the cookies were still set after you commented out the line? Have you tried clearing your cache and cookies?

Barry_T · ‎2019-04-03

Hi Mike,

Sorry I had to look at another issue in the last week.

Thanks for the reply.

Once I commented it out I cleared the cache on the browser and also tried it on a colleagues machine just to be sure, but unfortunately it was the same.

Cheers,

Barry