Lukas Rosenstock's Blog

Browsers restrict API requests to the same origin. CORS, or cross-origin resource sharing, is a method to overcome this restriction in a well-defined manner. If you’re on the receiving end of a CORS request, or, in other words, if you want your API to receive requests from different origins, you need to configure CORS in your web application framework. Assuming your framework is Laravel, you can read my introduction piece, “Laravel CORS Guide: What It Is and How to Enable It”, which I wrote as a guest post for the StackHawk blog (my first for them!). In it, I cover what CORS is, whether you need it, whether Laravel is the right place to control it (e.g., instead of a reverse proxy), and where to enable it in different versions of the framework. My emphasis is on minimizing the exposed surface. Check out the article now.

Disclosure: This work was paid for by StackHawk.