Laravel 8 API on LEMP(Nginx) Droplet CORS

Posted October 14, 2021 97 views
NginxPHPLEMPLaravelDigitalOcean Droplets

I’ve scoured the this site and Stack Overflow but I cant find a solution that works.

I have a simple Laravel 8 API that is hosted on an Ubuntu server using Nginx.

The application is deployed and works through postman, However, when i try to use a simple front end axios get request for the same URL I get the following error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

I have realised that the request from the front end app is not even getting through to index.php. I tried to log out a simple message and got nothing.

This leads me to believe this issue is Nginx related. My sites-available file for the project is below:

server {
     server_name xxx.xxxxx.xxxxxxxx;
     root /var/www/xxx.xxxxx.xxxxxxxx/public;

     index index.html index.htm index.php;

     charset utf-8;

     location / {
         try_files $uri $uri/ /index.php?$query_string;

     location = /favicon.ico { access_log off; log_not_found off; }
     location = /robots.txt  { access_log off; log_not_found off; }

     error_page 404 /index.php;

     location ~ \.php$ {
         fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
         include fastcgi_params;

     location ~ /\.(?!well-known).* {
         deny all;

     listen 443 ssl; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/xxx.xxxxx.xxxxxxxx/fullchain.pem; # managed by
     ssl_certificate_key /etc/letsencrypt/live/xxx.xxxxx.xxxxxxxx/privkey.pem; # managed >     by
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

     } server {
     if ($host = xxx.xxxxx.xxxxxxxx) {
         return 301 https://$host$request_uri;
     } # managed by Certbot

     listen 80;
     server_name xxx.xxxxx.xxxxxxxx;
     return 404; # managed by Certbot


If anyone thinks im barking up the wrong tree or has any advice please let me know. I’m a bit stumped!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi @damdigital3423,

Are you using the api.php route file? In addition ensure that CSRF is disabled for the api route group. Edit the app\Http\Middleware\VerifyCsrfToken as follows:

protected $except = [

Hope helps you,
Sergio Turpín