i have a laravel application on version 5.7 . the problem is that my api is being called from outside of my server and people can easily call my api and send SMS and cause my some amount of charge . now what I want to do is that prevent the api from all locations to be called just my own server . I heard that laravel 7 has the cors configured but I wanted to know if there is any way for laravel 5.7 to do that . i have throttle for my api but it seems that its not working or the atacker changes the ips of servers . so here is my kernel.php :
'api' => [
'throttle:1000,1',
'bindings',
],
'apiThrottle' => [
'throttle:4,10',
],
];
Advertisement
Answer
You can install https://github.com/spatie/laravel-cors/ package. That will create a file called cors.php under config folder. Follow all the setup instructions, are few.
There you can specifiy which origins are allowed (example)
'allow_origins' => [
'http://127.0.0.1/*',
'https://127.0.0.1/*',
'http://localhost/*',
'https://localhost/*',
],