If you are having CORS error when sending your REST request from subdomain (for example www) when using Laravel here is what you have to do.


Usually the error looks like this:

Access to XMLHttpRequest from origin https://www... has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.


And that means that your Laravel server is not allowing request from subdomains. To fix this issue you can follow next 3 steps:

  • Open config/cors.php file
  • update allowed origins and enable all subdomains
    'allowed_origins' => ['*floyk.com']
  • clear the config cache by running php artisan config:clear


You can optimize this code a little bit to use environment variable. In your config/cors.php change the line to:

                    'allowed_origins' => ['*'.config('session.session_domain')],

where session.session_domain in your config/session.php is set to

                    'session_domain' => env('SESSION_DOMAIN', false),

and SESSION_DOMAIN in .env file is set to your domain: