Fatal error: Class 'Nord\Lumen\Cors\CorsServiceProvider' not found

I noticed angular running in firefox sends Access-Control-Request-Headers as comma separated string without spaces. This cause this to fail:

        $headers = $request->headers->get('Access-Control-Request-Headers');

        if (is_string($headers)) {
            foreach (explode(', ', $headers) as $header) {

I added a simple middleware to deal with it, but it would be great to have it in package. Eg. support both explode(', '.. and explode(','..

see https://scrutinizer-ci.com/g/nordsoftware/lumen-cors/issues/develop/files/src/CorsService.php?orderField=path&order=asc&fileId=src%2FCorsMiddleware.php&honorSelectedPaths=0#inspectioncomment-13939821

Add code coverage to the tests.

This should be reported to the command line, and preferably also report to Code Climate (or another service like Coveralls if Code Climate is unsuitable).

This repo will soon be archived as we're no longer maintaining it.

If you're using it, we suggest finding an alternative or forking this repo.

Thank you.

Hi,

It would be useful if in the config file the allow_origins option also accept patterns, not just exact domains.
For example you have have domains like test1.example.com ... test279.example.com and you able to set it like ['*.example.com'], and don't have to list all your domains.

Thanks,
Gabor

Please add Lumen v8 compatibility.

When trying to use this with Lumen 6.2 this fails to install via composer due to a dependency on Illuminate/support 5.4. The newest version is 6.7 and other packages used with Lumen seem to be starting to require ^6.0, which causes a dependency conflict with lumen-cors.

Not sure if there would be breaking changes in making the version jump, but if not, is it possible to update to support 6.* as well?

Hi there,

I tried using your package, but I still get the error that my origin is not allowed.

This is my config:

 <?php

 return [

'allowOrigins'     => ['*'],

'allowHeaders'     => ['*'],

'allowMethods'     => ['*'],

'allowCredentials' => false,

'exposeHeaders'    => [],

'maxAge'           => 3600,

];

Am I doing something wrong?

What did you do?

Send a Post request to hit endpoint with CORS middleware enable

What did you expect to happen?

Return the response

What actually happened?

i've got this error

Failed to load http://35.197.143.23/checkToken: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:3000, *', but only one is allowed. Origin 'http://localhost:3000' is therefore not allowed access.

What versions of PHP, Lumen and this module are you using?

php 71. lumen 5.5 module 2.2

Please include code that reproduces the issue. The best reproductions are self-contained scripts with minimal dependencies.

i try to follow the getting started tutorial on your readme page and when i try to use the cors i've got this correspending errors

Failed to load http://35.197.143.23/checkToken: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:3000, *', but only one is allowed. Origin 'http://localhost:3000' is therefore not allowed access.

and this is the response from my endpoint that use CORS middleware

Access-Control-Allow-Headers:authorization,cache-control
Access-Control-Allow-Methods:POST
Access-Control-Allow-Origin:http://localhost:3000
Access-Control-Allow-Origin:*
Cache-Control:no-cache, private
Connection:Keep-Alive
Content-Encoding:gzip
Content-Type:text/html; charset=UTF-8
Date:Tue, 24 Oct 2017 13:42:09 GMT
Server:nginx/1.10.3 (Ubuntu)
Transfer-Encoding:chunked

thanks for your help and for the module 👍

What did you do?

What did you expect to happen?

By defining localhost:8090 in my allow_origins, I'd be able to receive requests from localhost:8090.

What actually happened?

Origin is not allowed

What versions of PHP, Lumen and this module are you using?

"php": ">=5.6.4",
"laravel/lumen-framework": "5.4.*",
"nordsoftware/lumen-cors": "^2.1"

Please include code that reproduces the issue. The best reproductions are self-contained scripts with minimal dependencies.
it's the configuration:

'allow_origins' => ['*.website.com', 'localhost:8090'],

What did you do?

Upgraded to Lumen ^6.0

What did you expect to happen?

Everything still works

What actually happened?

It simply stopped working

What versions of PHP, Lumen and this module are you using?

PHP 7.2
Lumen 6.3.5
lumen-cors 3.2.0

I have done everything stated in the readme. I have verified that this is working on Lumen 5.8 but NOT on Lumen 6.3.5

I have no idea why.

What did you do?

Trying the package out

What did you expect to happen?

To work fine

What actually happened?

Throws an error

What versions of PHP, Lumen and this module are you using?

PHP 8.0, Lumen 9
Please include code that reproduces the issue. The best reproductions are self-contained scripts with minimal dependencies.

[2022-03-27 21:01:13] local.ERROR: Nord\Lumen\Cors\CorsService::__construct(): Argument #1 ($config) must be of type array, null given, called in PROJECT_DIR/vendor/nordsoftware/lumen-cors/src/CorsServiceProvider.php on line 33 {"exception":"[object] (TypeError(code: 0): Nord\\Lumen\\Cors\\CorsService::__construct(): Argument #1 ($config) must be of type array, null given, called in PROJECT_DIR/vendor/nordsoftware/lumen-cors/src/CorsServiceProvider.php on line 33 at PROJECT_DIR/vendor/nordsoftware/lumen-cors/src/CorsService.php:59)
[stacktrace]
#0 PROJECT_DIR/vendor/nordsoftware/lumen-cors/src/CorsServiceProvider.php(33): Nord\\Lumen\\Cors\\CorsService->__construct()
#1 PROJECT_DIR/vendor/illuminate/container/Container.php(873): Nord\\Lumen\\Cors\\CorsServiceProvider->Nord\\Lumen\\Cors\\{closure}()
#2 PROJECT_DIR/vendor/illuminate/container/Container.php(758): Illuminate\\Container\\Container->build()
#3 PROJECT_DIR/vendor/illuminate/container/Container.php(694): Illuminate\\Container\\Container->resolve()
#4 PROJECT_DIR/vendor/laravel/lumen-framework/src/Application.php(300): Illuminate\\Container\\Container->make()
#5 PROJECT_DIR/vendor/illuminate/container/Container.php(1027): Laravel\\Lumen\\Application->make()
#6 PROJECT_DIR/vendor/illuminate/container/Container.php(947): Illuminate\\Container\\Container->resolveClass()
#7 PROJECT_DIR/vendor/illuminate/container/Container.php(908): Illuminate\\Container\\Container->resolveDependencies()
#8 PROJECT_DIR/vendor/illuminate/container/Container.php(758): Illuminate\\Container\\Container->build()
#9 PROJECT_DIR/vendor/illuminate/container/Container.php(694): Illuminate\\Container\\Container->resolve()
#10 PROJECT_DIR/vendor/laravel/lumen-framework/src/Application.php(300): Illuminate\\Container\\Container->make()
#11 PROJECT_DIR/vendor/illuminate/pipeline/Pipeline.php(169): Laravel\\Lumen\\Application->make()
#12 PROJECT_DIR/vendor/laravel/lumen-framework/src/Routing/Pipeline.php(30): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}()
#13 PROJECT_DIR/vendor/illuminate/pipeline/Pipeline.php(116): Laravel\\Lumen\\Routing\\Pipeline->Laravel\\Lumen\\Routing\\{closure}()
#14 PROJECT_DIR/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(426): Illuminate\\Pipeline\\Pipeline->then()
#15 PROJECT_DIR/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(175): Laravel\\Lumen\\Application->sendThroughPipeline()
#16 PROJECT_DIR/vendor/laravel/lumen-framework/src/Concerns/RoutesRequests.php(112): Laravel\\Lumen\\Application->dispatch()
#17 PROJECT_DIR/public/index.php(28): Laravel\\Lumen\\Application->run()
#18 {main}
"}

What did you do?

Make a CORS request with a trailing slash

What did you expect to happen?

Get back data.

What actually happened?

Get the following error:

`XMLHttpRequest cannot load http://api.site.local/forums/. Redirect from 'http://api.site.local/forums/' to 'http://api.site.local/forums' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://site.local' is therefore not allowed access.

What versions of PHP, Lumen and this module are you using?

PHP 7.1, Lumen 5.3, Nord 1.6

Honestly, this may be more a question than issue, and if so, my apologies. It's quite possible I'm doing something that's erroneous with Lumen or how CORS works. I currently have the config set to 'allow_origins' => ['*'],, so I don't quite understand why this error is coming up.

I'm trying to access pages with a trailing slash, knowing Lumen will redirect them to the page without the trailing slash, but it breaks the CORS request, and while I'd really like to get trailing slashes working, if they don't work, I'd mostly just like to understand why.

Hi

I'm trying to figure out why the Access-Control-Allow-Origin headers aren't being sent when validation fails.

Currently if my upload is ok, the Access-Control-Allow-Origin headers are added.
But if I catch the ValidatorException and return a json response like this:

return response()->json($message), 422);

Then the Access-Control-Allow-Origin headers aren't added.
Could I be doing something wrong?

We're gonna have to bump the major version anyway so might as well go all in

We need to change the minimum stability of this package to stable, currently dev. This can be done by removing the min-stability property from composer.json.

What did you do?

Made a POST request from a not allowed origin

What did you expect to happen?

The post request to succeed and a CORS error in the browser console

What actually happened?

Exception

after install i have an issue:

[Symfony\Component\Debug\Exception\FatalErrorException]
Call to undefined method Illuminate\Foundation\Application::configure()

Could you please clarify what i do wrong?

i have issue with CORS i'm new with Lumen.
my lumen version is 6.0 and my php version is 7.2
i'm using this package.
when i test my api on postman from other system it's works but on browser it doesn't.
thanks in advance.

What did you do?

Tried to request data from api via AngularJS App

What did you expect to happen?

JSON Response of that data

What actually happened?

Chrome Informed me that CORS header not presented

What versions of PHP, Lumen and this module are you using?

PHP 7.0.0, Lumen 5.2.7, Module 1.6
Code is working if you're accessing it through ARC Chrome Plugin (All headers are set) and not working if you are accessing it via AngularJS Application (No CORS Header presented Error)

I had a previous version of lumen-cors installed previously and had to remove it when upgrading to Lumen 6 because that version didn't support it. I just added the new version back to my lumen app and I get the following error:

"Target [Nord\Lumen\Cors\Contracts\CorsService] is not instantiable while building [Nord\Lumen\Cors\CorsMiddleware]." (full stack trace below).

The steps I took were:

1. composer require nordsoftware/lumen-cors
2. Add cors.php to /config
3. Add $app->configure('cors'); to boostrap/app.php
4. Add

$app->middleware([
    Nord\Lumen\Cors\CorsMiddleware::class
]);

to bootstrap/app.php

My composer.json looks like this:

    "name": "laravel/lumen",
    "description": "The Laravel Lumen Framework.",
    "keywords": ["framework", "laravel", "lumen"],
    "license": "MIT",
    "type": "project",
    "require": {
        "php": ">=7.2",
        "laravel/lumen-framework": "6.2.*",
        "vlucas/phpdotenv": "^3.3.1",
        "laravel-doctrine/orm": "1.5.4",
        "laravel-doctrine/extensions": "1.1.*",
        "dingo/api": "2.4.0",
        "gedmo/doctrine-extensions": "^2.4",
        "nuwave/lighthouse": "4.7.*",
        "nordsoftware/lumen-cors": "^3.2"
    },
    "require-dev": {
        "fzaninotto/faker": "~1.4",
        "phpunit/phpunit": "~8.0",
        "mockery/mockery": "~1.0",
        "phpmd/phpmd" : "^2.7",
        "squizlabs/php_codesniffer": "^3.5",
        "maglnet/composer-require-checker": "^2.0",
        "sebastian/phpcpd": "^4.1",
        "jakub-onderka/php-parallel-lint": "^1.0",
        "povils/phpmnd": "^2.1",
        "phpstan/phpstan": "^0.12.3",
        "vimeo/psalm": "^3.7",
        "sensiolabs/security-checker": "^6.0",
        "phpro/grumphp": "^0.17.0",
        "phpstan/phpstan-doctrine": "^0.12.9",
        "phpstan/extension-installer": "^1.0"
    },
    "autoload": {
        "classmap": [
        ],
        "psr-4": {
            "App\\": "app/"
        }
    },
    "autoload-dev": {
        "classmap": [
            "tests/",
            "database/"
        ]
    },
    "scripts": {
        "post-root-package-install": [
            "php -r \"copy('.env.example', '.env');\""
        ]
    },
    "minimum-stability": "dev",
    "prefer-stable": true
}

Stack Trace

 "#0 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/container\/Container.php(812): Illuminate\\Container\\Container->notInstantiable('Nord\\\\Lumen\\\\Cors...')",
      "#1 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/container\/Container.php(681): Illuminate\\Container\\Container->build('Nord\\\\Lumen\\\\Cors...')",
      "#2 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/container\/Container.php(629): Illuminate\\Container\\Container->resolve('Nord\\\\Lumen\\\\Cors...', Array)",
      "#3 \/home\/jordan\/www\/spidersmart-api\/vendor\/laravel\/lumen-framework\/src\/Application.php(267): Illuminate\\Container\\Container->make('Nord\\\\Lumen\\\\Cors...', Array)",
      "#4 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/container\/Container.php(945): Laravel\\Lumen\\Application->make('Nord\\\\Lumen\\\\Cors...')",
      "#5 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/container\/Container.php(873): Illuminate\\Container\\Container->resolveClass(Object(ReflectionParameter))",
      "#6 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/container\/Container.php(834): Illuminate\\Container\\Container->resolveDependencies(Array)",
      "#7 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/container\/Container.php(681): Illuminate\\Container\\Container->build('Nord\\\\Lumen\\\\Cors...')",
      "#8 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/container\/Container.php(629): Illuminate\\Container\\Container->resolve('Nord\\\\Lumen\\\\Cors...', Array)",
      "#9 \/home\/jordan\/www\/spidersmart-api\/vendor\/laravel\/lumen-framework\/src\/Application.php(267): Illuminate\\Container\\Container->make('Nord\\\\Lumen\\\\Cors...', Array)",
      "#10 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/pipeline\/Pipeline.php(160): Laravel\\Lumen\\Application->make('Nord\\\\Lumen\\\\Cors...')",
      "#11 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/pipeline\/Pipeline.php(105): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Dingo\\Api\\Http\\Request))",
      "#12 \/home\/jordan\/www\/spidersmart-api\/vendor\/dingo\/api\/src\/Http\/Middleware\/Request.php(127): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))",
      "#13 \/home\/jordan\/www\/spidersmart-api\/vendor\/dingo\/api\/src\/Http\/Middleware\/Request.php(103): Dingo\\Api\\Http\\Middleware\\Request->sendRequestThroughRouter(Object(Dingo\\Api\\Http\\Request))",
      "#14 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/pipeline\/Pipeline.php(171): Dingo\\Api\\Http\\Middleware\\Request->handle(Object(Dingo\\Api\\Http\\Request), Object(Closure))",
      "#15 [internal function]: Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Laravel\\Lumen\\Http\\Request))",
      "#16 \/home\/jordan\/www\/spidersmart-api\/vendor\/laravel\/lumen-framework\/src\/Routing\/Pipeline.php(32): call_user_func(Object(Closure), Object(Laravel\\Lumen\\Http\\Request))",
      "#17 \/home\/jordan\/www\/spidersmart-api\/vendor\/illuminate\/pipeline\/Pipeline.php(105): Laravel\\Lumen\\Routing\\Pipeline->Laravel\\Lumen\\Routing\\{closure}(Object(Laravel\\Lumen\\Http\\Request))",
      "#18 \/home\/jordan\/www\/spidersmart-api\/vendor\/laravel\/lumen-framework\/src\/Concerns\/RoutesRequests.php(413): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))",
      "#19 \/home\/jordan\/www\/spidersmart-api\/vendor\/laravel\/lumen-framework\/src\/Concerns\/RoutesRequests.php(171): Laravel\\Lumen\\Application->sendThroughPipeline(Array, Object(Closure))",
      "#20 \/home\/jordan\/www\/spidersmart-api\/vendor\/laravel\/lumen-framework\/src\/Concerns\/RoutesRequests.php(108): Laravel\\Lumen\\Application->dispatch(NULL)",
      "#21 \/home\/jordan\/www\/spidersmart-api\/public\/index.php(29): Laravel\\Lumen\\Application->run()",
      "#22 {main}"

Thank you for looking

In CorsServiceProvider.php
on line 21: class_alias('Nord\Lumen\Cors\CorsFacade', 'Cors');

During PHPUnit tests, this line is called twice and fails on redeclaring class Cors

Any idea?

Thx

What did you do?

I did as you say in your readme: https://github.com/digiaonline/lumen-cors to install and configure lumen-cors

What did you expect to happen?

That my error message would disappear and I could do requests. Error message:
Access to fetch at 'http://localhost:8000/feedback/add' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

What actually happened?

nothing

What versions of PHP, Lumen and this module are you using?

PHP: 7.3.3
Lumen: "laravel/lumen-framework": "5.8.*",
Lumen-cors: "nordsoftware/lumen-cors": "^3.2",

Here is my app.php:

$app->configure('cors');

$app->middleware([
    'Nord\Lumen\Cors\CorsMiddleware',
]);

$app->register('Nord\Lumen\Cors\CorsServiceProvider');

Any idea why I still get cors issues?
How do I know if this is actually running in the middleware?

I completely follow the installation instruction but it's not working. Still getting this error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://api.domain.dev/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

I'm using PHP 7.0, Lumen 5.5 and LumenCors 2.2

What did you do?

• Allow one website for CORS request (so not *)
• Make a request on the same origin

What did you expect to happen?

• The request made on the same origin should've succeeded

What actually happened?

• The request got an 403 Unauthorized from the CORS

What versions of PHP, Lumen and this module are you using?

PHP 5.6
Lumen 5.4
This lib 2.2

Please include code that reproduces the issue. The best reproductions are self-contained scripts with minimal dependencies.

I don't really have an example at hand, but it should be pretty simple if you have any api/app/whatever already bundled with Lumen and using this lib.

In the config file, specify anything else than your host server url & *

Then make a request to your host.

Example config file:
Note I omitted the details that came from your own example config file in this repo.

...
// Lets say your server host is "https://example.com"
// And you offer an endpoint for "https://website.com"
'allow_origins' => ['https://website.com'],
...

Now you just have to create a webpage on https://example.com and query your host. It'll fail.

It'd be necessary to check if the current request has been made on the same origin before failing on CORS.

What did you do?

What did you expect to happen?

What actually happened?

What versions of PHP, Lumen and this module are you using?

Please include code that reproduces the issue. The best reproductions are self-contained scripts with minimal dependencies.

code goes here

What did you do?

Installed lumen-cors package according to instructions. Attempted cross origin ajax call.

What did you expect to happen?

Expected middleware to handle CORS negotiation and allow ajax call.

What actually happened?

Chrome developer tools console shows this error:
Access to XMLHttpRequest at 'http://redacted1' from origin 'http://redacted2' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.

What versions of PHP, Lumen and this module are you using?

PHP 7.2.8
Lumen 5.5.2
lumen-cors 3.1.0
jQuery 3.2.1 (using $.ajax() for GET request)
Chrome Version 70.0.3538.102 (Official Build) (64-bit)
Please include code that reproduces the issue. The best reproductions are self-contained scripts with minimal dependencies.
Header info in dev tools:
General:
Request URL: http://redacted1
Request Method: OPTIONS
Status Code: 302 Redirect
Remote Address: xxx.xxx.xxx.xxx:80
Referrer Policy: no-referrer-when-downgrade
Response Headers:
HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: https://redacted1
Server: Microsoft-IIS/8.5
Date: Mon, 19 Nov 2018 17:03:38 GMT
Content-Length: 213
Request Headers:
OPTIONS redacted1url HTTP/1.1
Host: redacted1host
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: GET
Origin: http://redacted2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: /
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9