CORS with Laravel 4
There is no point making a fancy response object and returning it, then letting the page process run as it'll obliterate your CORS headers and continue with the usual content.
App::before(function($request){ if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { header('Access-Control-Allow-Origin', 'http://mydomain.com'); header('Allow', 'GET, POST, OPTIONS'); header('Access-Control-Allow-Headers', 'Origin, Content-Type, Accept, Authorization, X-Request-With'); header('Access-Control-Allow-Credentials', 'true'); exit; }});
Some browsers may deny this, because XSS scripts are doing nasty things in that way.
If you load your js file from http://api-example.com/ might help, but there are more stable solutions:
- You can use curl (or something similar) or
- You can use a proxy (Apache, Nginx, etc) for your AJAX request to load the response from the other host
- Or if you are useing a load balancer, or frontend cacheing stuff, you can create a rule...
It depends on your infrastructure and needs, but if performance matters, skip curl.