9/2/2016 - 11:35 AM

Lumen with CORS and OPTIONS requests

Lumen with CORS and OPTIONS requests

Register the CatchAllOptionsRequestsProvider service provider in bootstrap/app.php which will check the incoming request and response successfully if it is an OPTIONS request.

Add the CorsMiddleware to the $app->middleware([ array in bootstrap/app.php which will attach the following CORS headers to all responses:

  • allow all headers
  • allow requests from all origins
  • allow all the headers which were provided in the request
<?php namespace App\Http\Middleware;

class CorsMiddleware {

  public function handle($request, \Closure $next)
    $response = $next($request);

    $response->header('Access-Control-Allow-Methods', 'HEAD, GET, POST, PUT, PATCH, DELETE');
    $response->header('Access-Control-Allow-Headers', $request->header('Access-Control-Request-Headers'));
    $response->header('Access-Control-Allow-Origin', '*');

    return $response;

<?php namespace App\Providers;

use Illuminate\Support\ServiceProvider;

 * If the incoming request is an OPTIONS request
 * we will register a handler for the requested route
class CatchAllOptionsRequestsProvider extends ServiceProvider {

  public function register()
    $request = app('request');

    if ($request->isMethod('OPTIONS'))
      app()->options($request->path(), function() { return response('', 200); });