I have created a Laravel Application and included passport for authentication. The application is working fine on my local system.
But when I deployed the application on the shared hosting platform, I am facing an issue where I am getting error 401 Unauthorised on the request I am passing to the server.
Though, the login API is working fine and generating access token. I am facing difficulty to find out the reason for it.
Could anyone help me out to resolve this issue?
Attaching image the way I am sending the request:
Did you send access_token in your headers like this:
$.ajaxSetup({
headers: {
'Authorization': "Bearer your_access_token",
}
});
Add below code in .htaccess file
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Hi, I have recently set up my Laravel 8 app with Sanctum as the API token provider. My login works fine and the token is received. I am using this token to get the user, which works fine for me on localhost.
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});
But when I deployed the same application to production, get user always results in "Unauthenticated". I am not using SPA, and only wish to use API tokens. My production API path is like this: https://xxx.app/api/user
I have already set this in my .env file:
SESSION_DOMAIN=https//xxx.app
SANCTUM_STATEFUL_DOMAINS=https//xxx.app
the SANCTUM_STATEFUL_DOMAINS
Also, I tried to put this in .htaccess:
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
I have 2 .htaccess files: one outside the public folder to redirect all requests to the public index,
another one inside the public folder to redirect all requests to index.php.
I want to get the auth user.
I have developed application in Angular 7 and APIs in Laravel 5.7.
For the CORS issue, I have also installed the barryvdh/laravel-cors package in Laravel and it's working fine on local.
But when I deployed these both applications on Godaddy single hosting, that is Starter Linux Hosting with cPanel
Angular app in main directory public_html
Laravel APIs in public_html/api directory which points to
public_html/api/public
APIs are not working and I am seeing this error
Access to XMLHttpRequest at 'http://api.example.com/api/documentations?page=1' from origin 'http://example.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request
I have seen lot of answers on stackoverflow and on other sources, nothing seems to be working for me.
I tried adding headers to .htaccess file
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
As well as directly to index.php but with no luck.
header('Access-Control-Allow-Origin', '*')
Any idea or help is highly appreciated. Thanks in advance.
Redirect is not allowed for a preflight request
Since you have a HTTP to HTTPS redirect in place, and your API calls are trying to access http://api.example.com/api/documentations?page=1, they're going to fail, because (as the message states) you can't redirect a CORS preflight.
Update your code to make the API calls over HTTPS.
Thank you @ceejayoz for your valuable comments and answer. I am able to find the issue.
I am having two .htaccess files. For main domain, one at
public_html/.htaccess
and another for subdomain at
public_html/api/public/.htaccess
The one at public_html/.htaccess having this line to protect the files inside the public_html/api directory from root access of main domain
RedirectMatch 403 ^/api/.*$
When I commented/removed this line, APIs started working but files inside public_html/api directory were not secure.
Then to secure the files, I created one more file at public_html/api/.htaccess and added these lines
RewriteEngine On
RewriteRule !^public/ - [F,NC]
And I achieved both: APIs are working and files inside public_html/api are secured.
It's so strange that the POST API routes don't work!
Check this simple POST route in api.php:
// This route doesn't work!
Route::post('/test', function (Request $request) {
return 'test';
});
It gives me this error: Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException!
But if I change the request verb to GET, then both GET and POST work just fine!!! It's making me crazy!
// This route works on both, GET and POST!
Route::get('/test', function (Request $request) {
return 'test';
});
And yes, as you know the API routes simply don't use the VerifyCsrfToken middleware. So the middleware is not the issue obviously! And php artisan cache:clear is not also the answer :(
Did anybody have the same problem? Any help would be so appreciated.
Oh yea! As @patricus also mentioned in comments, I was experiencing a stupid redirect without knowing it! Let me clear this up for anyone else who is experiencing the same thing and doesn't know where this issue is coming from!
You need to make sure the URL that you're connecting to is not going to be redirected behind the scenes whatsoever...
e.g. in my own hosting panel, I have set to add WWW in all of my URLs... So when I was trying to access the https://example.com/app/public/api/test URL by POST method, I was getting the MethodNotAllowedHttpException error! Because my URL was redirecting to https://www.example.com/app/public/api/test and in redirection it will change to GET! And as I didn't set any GET routes... So obviously I was getting the MethodNotAllowedHttpException exception :)
That's stupid, right? Yea, I know! Also make sure if your app is on a SSL domain, always connect to https:// instead of http://. Because it is not only secure but also a redirection may happen again, without you knowing it! How? By your own .htaccess file that you have changed or your hosting support has changed it for you and you don't remember (check this answer as well):
# Let's force using SSL on all of our URLs and also forbid non-secure POSTs
RewriteEngine On
# Forbid non-secure POSTs
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_METHOD} =POST
RewriteRule ^ / [F,L]
# Force SSL
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Or by services such as CloudFlare, which help you be more secure and redirects all of your URLs from http:// to https:// if you have set this setting in your CloudFlare panel and again you don't remember that!
I have multiple GET, POST and PUT routes declared in my Slim v2 App and the API had been working perfectly until today. Out of 2 POST routes, the first one declared is returning a 404 Not Found error. This only happens when I call the API on my GoDaddy hosting; when I test it on my localhost it works fine. This is so weird I have run out of ideas on how to debug this problem. I am using Postman to execute and test the calls to both servers, local and GoDaddy. Also, the calls to the GoDaddy hosted API are done via HTTPS. My .htaccess file on both servers looks like this:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L,QSA]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Pastebin to curl calls
Screenshot of Postman call
Pastebin to code fragment
When doing a POST request to /apifolder/v1/addcheckin server responds with 301 redirect to which causes the client to make a GET request to /apifolder/v1/addcheckin. Since there is no such GET route defined server responds with 404 error.
$ curl -i -X POST https://myurl.com/apifolder/v1/addcheckin
HTTP/1.1 301 Moved Permanently
Date: Sun, 26 Feb 2017 02:26:34 GMT
Location: https://myurl.com/apifolder/v1/addcheckin
Check the middleware and the rest of the code to see what causes the 301 redirect.
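The redirect behaviour described in the two answers above (a POST that hits a 301 is replayed as a GET and then fails on a POST-only route), reproduced locally as an added example that is not part of the original posts. The local server, the paths `/api/test` and `/www/api/test`, and all function names are constructed for illustration; `probe` is the check to run first, because it shows the redirect instead of silently following it.

```python
import http.client
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class Handler(BaseHTTPRequestHandler):
    """Constructed stand-in for the host: /api/test is 301-redirected to /www/api/test (POST-only)."""
    seen = []  # (method, path) of every request that reached the server
    def _handle(self):
        Handler.seen.append((self.command, self.path))
        self.rfile.read(int(self.headers.get("Content-Length") or 0))  # drain body
        if self.path == "/api/test":
            self.send_response(301)  # the forgotten "add www / force https" rule
            self.send_header("Location", "/www/api/test")
        elif self.command == "POST":
            self.send_response(200)
        else:
            self.send_response(405)  # what Laravel reports as MethodNotAllowedHttpException
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_POST = do_OPTIONS = _handle

def start_server():
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(port, method, path):
    """Send one request without following redirects; return (status, Location)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=b"x=1" if method == "POST" else None)
    resp = conn.getresponse()
    conn.close()
    return resp.status, resp.getheader("Location")

def post_following_redirects(port, path):
    """POST as a redirect-following client does; return the final status code."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxies
    req = urllib.request.Request(f"http://127.0.0.1:{port}{path}", data=b"x=1", method="POST")
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

if __name__ == "__main__":
    port = start_server().server_address[1]
    print(probe(port, "POST", "/api/test"), post_following_redirects(port, "/api/test"), Handler.seen)
```

A 301 with a `Location` header from `probe` on a POST or OPTIONS request means the client is calling the wrong URL; calling the final URL directly removes the method change.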
We're using some headers for authentication in our API.
Request:
URL: http://lapi.domain.in/test
Header: {AUTH_TOKEN :NUBibTM0QHJkMzM5}
But when trying to get the header AUTH_TOKEN, it returns nothing.
$auth_token = $request->header('AUTH_TOKEN');
Note: other headers are working fine, and when its name has been changed
to AUTH-TOKEN then it's working.
Apache 2.4, PHP 5.6
Thanks
I believe it's related to Apache and not Laravel;
There was a similar issue with Authorization headers in previous versions which was solved by allowing the Authorization headers through htaccess to fix it:
RewriteEngine On
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]