What would be the best solution to allow access to files in laravel storage from a client application on another domain?
The following helped me:
location /storage/ {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Authorization, Origin, X-Requested-With, Content-Type, Accept';
try_files $uri =404;
}
I’m not sure that this is the best solution and I don’t really like it, but I couldn’t find another way to solve the issue of accessing storage files through a request (axios, fetch) from a third-party client application 🙁
My cors.php
<?php
return [
/*
|------------------------------------------------ -------------------------
| Cross-Origin Resource Sharing (CORS) Configuration
|------------------------------------------------ -------------------------
|
| Here you may configure your settings for cross-origin resource sharing
| or "CORS". This determines what cross-origin operations may execute
| in web browsers. You are free to adjust these settings as needed.
|
| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
|
*/
'paths' => ['api/*', 'sanctum/csrf-cookie', 'storage/*'],
'allowed_methods' => ['*'],
'allowed_origins' => ['*'],
'allowed_origins_patterns' => [],
'allowed_headers' => ['*'],
'exposed_headers' => [],
'max_age' => 0,
'supports_credentials' => true,
];
My Http/Kernel.php
<?php
namespace AppHttp;
use IlluminateAuthMiddlewareAuthenticateWithBasicAuth;
use IlluminateAuthMiddlewareAuthorize;
use IlluminateAuthMiddlewareEnsureEmailIsVerified;
use IlluminateAuthMiddlewareRequirePassword;
use IlluminateCookieMiddlewareAddQueuedCookiesToResponse;
use IlluminateFoundationHttpKernel as HttpKernel;
use IlluminateFoundationHttpMiddlewareConvertEmptyStringsToNull;
use IlluminateFoundationHttpMiddlewareHandlePrecognitiveRequests;
use IlluminateFoundationHttpMiddlewareValidatePostSize;
use IlluminateHttpMiddlewareHandleCors;
use IlluminateHttpMiddlewareSetCacheHeaders;
use IlluminateRoutingMiddlewareSubstituteBindings;
use IlluminateRoutingMiddlewareThrottleRequests;
use IlluminateSessionMiddlewareAuthenticateSession;
use IlluminateSessionMiddlewareStartSession;
use IlluminateViewMiddlewareShareErrorsFromSession;
use LaravelPassportHttpMiddlewareCreateFreshApiToken;
use AppHttpMiddlewareAuthenticate;
use AppHttpMiddlewareCheckAuth;
use AppHttpMiddlewareEncryptCookies;
use AppHttpMiddlewareIikoWebhookNameFilter;
use AppHttpMiddlewarePreventRequestsDuringMaintenance;
use AppHttpMiddlewareRedirectIfAuthenticated;
use AppHttpMiddlewareTrimStrings;
use AppHttpMiddlewareTrustProxies;
use AppHttpMiddlewareValidateSignature;
use AppHttpMiddlewareVerifyCsrfToken;
class Kernel extends HttpKernel
{
/**
* The application's global HTTP middleware stack.
*
* These middleware are run during every request to your application.
*
* @var array<int, class-string|string>
*/
protected $middleware = [
// AppHttpMiddlewareTrustHosts::class,
TrustProxies::class,
HandleCors::class,
PreventRequestsDuringMaintenance::class,
ValidatePostSize::class,
TrimStrings::class,
ConvertEmptyStringsToNull::class,
];
/**
* The application's route middleware groups.
*
* @var array<string, array<int, class-string|string>>
*/
protected $middlewareGroups = [
'web' => [
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
SubstituteBindings::class,
CreateFreshApiToken::class,
],
'api' => [
// LaravelSanctumHttpMiddlewareEnsureFrontendRequestsAreStateful::class,
// IlluminateRoutingMiddlewareThrottleRequests::class.':api',
SubstituteBindings::class,
],
];
/**
* The application's middleware aliases.
*
* Aliases may be used instead of class names to conveniently assign middleware to routes and groups.
*
* @var array<string, class-string|string>
*/
protected $middlewareAliases = [
'auth' => Authenticate::class,
'auth.check' => CheckAuth::class,
'auth.basic' => AuthenticateWithBasicAuth::class,
'auth.session' => AuthenticateSession::class,
'cache.headers' => SetCacheHeaders::class,
'can' => Authorize::class,
'guest' => RedirectIfAuthenticated::class,
'password.confirm' => RequirePassword::class,
'precognitive' => HandlePrecognitiveRequests::class,
'signed' => ValidateSignature::class,
'throttle' => ThrottleRequests::class,
'verified' => EnsureEmailIsVerified::class,
'webhook.iiko.name.filter' => IikoWebhookNameFilter::class,
];
}
I tried sending fetch requests
await fetch("https://example.com/storage/2/1002683_1707758192_57.png");
and got a cors error until I updated my nginx config
New contributor
Vladislav is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.