0

I am creating a new project with angularjs and almost my front end job is done.

I am planning for laravel php to interact with my data and use it only for basic operations like fetching data, mailing etc.

Here are my questions.

  1. I plan to take a subdomain, db.mydomain.com where laravel is loaded and the api is referred to that $http call in angularjs. Is this a good practise?

  2. If yes, how do i enable cors request with laravel.

  3. How can i confirm that the $http request is originated only from my website. I assume we can make it via postman too and using postman the users can copy paste the data. How to make it confirm that the laravel main route works only with base url of my website application.

hope i was clear.

Edit 1 After doing as per instructions,i was able to make cors call. But if i use model to collect data from database, its again throwing cors error.

<?php 

 namespace App\Http\Controllers;
 use App\Task;

 class TechnologiesController extends Controller {


public function index()
{
  $technologies = Task::getAll("technologies"); // not working if dont have header in task.php
//$technologies = array("subjects"=>array()); // working. This is without interacting with database.
  $encodedArray = json_encode($technologies);
  echo $encodedArray;
}

}

task.php

use Illuminate\Database\Eloquent\Model;
use DB;

header("Access-Control-Allow-Origin: *"); //using this line solves the cors problem.But i want it to center accesssed

class Task extends Model {

    public static function getAll($tableName){

        return DB::table($tableName)->get();

    }

}

Note : I used to work with laravel 4 and lost my touch. Now i couldnt understand where the model file exactly to be written.

Improve this question
5
  • This is the package I use for CORS. I think it works well github.com/barryvdh/laravel-cors Commented Dec 21, 2015 at 19:01
  • @jfadich I have updated the code. Can you please advise why my cors is not centralized when connecting with db. Commented Dec 23, 2015 at 1:36
  • 1
    try replacing echo $encodedArray with return $encodedArray Laravel uses a request wrapper meaning you shouldn't echo data from your controller, always return it instead. By returning it laravel can use the middleware to add the headers. Echoing will bypass that. Commented Dec 23, 2015 at 2:34
  • It worked with return. Commented Dec 25, 2015 at 14:34
  • @jfadich Could me please help me out with this question . I am stackoverflow.com/questions/34487807/… Commented Dec 28, 2015 at 5:09

2 Answers 2

Reset to default
1

You can go by subdomain and this is good.

As @jfadich pointed out, go with https://packagist.org/packages/barryvdh/laravel-cors

An alternative option: Add something like /api to your URL.

I used mydomain.com/api because I like that approach and I don't have to do any CORS thing. In this case, depending on your webserver you have to direct the different requests though. The partial example for nginx here is:

location /api/ {
    try_files $uri $uri/ /index.php?$query_string;
}

location / {
    try_files $uri $uri/ /index.html;
}

index.php is your Laravel index file and index.html your Angular one.

Configure Laravel for this by wrapping all the routes in Route::group(['prefix' => 'api'], function(){ ... });

For Auth I also use JWT, still having trouble with refreshing the Token before its invalid but this is another story.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I will take this as a suggestion. And implement in future. I got a apache server got no time. I need to get the setup done asap.
0
  1. Yup this is good practice. Personally I like the subdomain api.domain.com but it's up to you.
  2. I've used this package for CORS in laravel and it works for me. [Edit: Like @hogan mentioned if you use a subdirectory like /api you won't need CORS to be set up.]
  3. You'll want to implement some kind of authentication. I use JWT. It is very difficult to verify the source with something like HTTP_HOST because it is set by the client and easy to spoof.
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.