I have a simple API in Laravel. The routes file looks like this:
<?php
Route::resource('airports', 'AirportController');
Route::resource('flights', 'FlightController');
Route::resource('reservations', 'ReservationController');
Route::get('auth', 'AuthController@index');
Route::post('auth', 'AuthController@store');
Route::delete('auth', 'AuthController@destroy');
A custom filter has been added to the filter file:
Route::filter('auth_token', function()
{
$auth_token = Request::header('Authorization');
if(!AuthToken::where('auth_token', '=', $auth_token)->first()){
return Response::json([], 401);
}
});
All resources must pass before the filter auth_token. Now it works fine on my local machine, but as soon as I try it on my server, everything is unauthorized, even if I transfer a valid token. The problem that I defined dd($auth_token)in my custom filter is that it returns null, which means that for some reason my server is not accepting the header.
My .htaccess file looks like this:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteRule ^(.*)/$ /$1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Headers "*"
</IfModule>
Postman REST . "admin@admin.com" "admin12345". POST /auth , .
. ?