CORS with Laravel 4

There is a mistake in the header name.

header('Allow', 'GET, POST, OPTIONS'); // This is wrong.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS'); // This is right.              

There is no point making a fancy response object and returning it, then letting the page process run as it'll obliterate your CORS headers and continue with the usual content.

App::before(function($request){    if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {        header('Access-Control-Allow-Origin', 'http://mydomain.com');        header('Allow', 'GET, POST, OPTIONS');        header('Access-Control-Allow-Headers', 'Origin, Content-Type, Accept, Authorization, X-Request-With');        header('Access-Control-Allow-Credentials', 'true');        exit;    }});

Some browsers may deny this, because XSS scripts are doing nasty things in that way.

If you load your js file from http://api-example.com/ might help, but there are more stable solutions:

• You can use curl (or something similar) or
• You can use a proxy (Apache, Nginx, etc) for your AJAX request to load the response from the other host
• Or if you are useing a load balancer, or frontend cacheing stuff, you can create a rule...

It depends on your infrastructure and needs, but if performance matters, skip curl.