Using the CORS protection

So far, even though the routes for this app are protected by the auth middleware, I am not dealing with CORS, because I am in the same domain as the login session and Angular has the benefits of sessions and XSRF.

You can see here that it is injecting it into the request for me as I use $http:

Using the CORS protection

Figure 10 XSRF

So, if I went to another site in the same browser, the site cannot use the session from the site that I am coming from to make a request. In this case, if my request was using jQuery, for example, I would need to include this information. Here is an example using jQuery, so we can see a more manual approach to this.

Getting ...

Get Laravel 5.x Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.