Access-Control-Allow-Origin with Laravel and Omnipay

Question

I'm trying to make an Ajax post request from Backbone, calling the Laravel route "pay" but I get always this answer from the console log:

XMLHttpRequest cannot load https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&useraction=commit&token=EC-5S932878HU8059629. Origin http://localhost is not allowed by Access-Control-Allow-Origin. 

I tried to modify my MAMP httpd.conf to accept cross domain script, and as you can see I've added an header instruction to the routes.php. Here is my JS code:

Backbone.ajax({
        url:'index.php/pay',
        type:'POST',
        dataType:"json",
        data: converteditems,
        crossDomain: true,
        success:function (data) {
            if(data.error) {  // If there is an error, show the error messages
                $('.alert-error').text(data.error.text).show();
           }         
        }
    });

This is the routes.php in Laravel:

<?php
header('Access-Control-Allow-Origin: *');
Route::get('/', function()
{
return View::make('home');
});

Route::resource('products','ProductsController');

Route::resource('login', 'AuthenticationController');

Route::post('pay','PaypalController@doPay');

The doPay method use the Omnipay package in this way (for testing purpose ofc):

public function doPay()

{          

$gateway = GatewayFactory::create('PayPal_Express');
$gateway->setUsername('blablablabla-facilitator_api1.gmail.com'); 
$gateway->setPassword('137787773');
$gateway->setSignature('AhFvPK5rU.kfQOKIwZcYO1yItmtHASGDFDFGDbY9.w');
$gateway->setTestMode('true');
$args['amount']='2.00';
$args['description']='Your purchase';
    $args['returnUrl']='http://localhost/shoppingcart/index.php/return';
    $args['cancelUrl']='http://localhost/shoppingcart/index.php/cancel';

try {

$response = $gateway->purchase($args)->send();

if ($response->isSuccessful()) {
$responsereturn=$response->getData();         
} elseif ($response->isRedirect()) {    
    $response->redirect();
} else {   
    exit($response->getMessage());
}
} catch (\Exception $e) { 
exit('internal error, log exception and display a generic message to the customer');
 }
}

Some more info from the headers of my console:

Request URL:http://localhost/shoppingcart/public/index.php/pay
Request Headersview source
Accept:application/json, text/javascript, */*; q=0.01
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Origin:http://localhost
Referer:http://localhost/shoppingcart/public/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36

Request URL:https://www.sandbox.paypal.com/webscr?cmd=_express-checkout&useraction=commit&token=EC-6J290181UP558705C
Request Headersview source
Origin:http://localhost
Referer:http://localhost/shoppingcart/public/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36
Query String Parametersview sourceview URL encoded
cmd:_express-checkout
useraction:commit
token:EC-6J290181UP558705C

Answer 1

If you want to make your request from Ajax, then you don't want omnipay to immediately redirect that request to paypal. You want to redirect the customer'a browser to paypal.

So you need to put some logic in your controller action, so if it is an XHR request, then just return the URL to forward the customer to.

E.g. Use $response->getRedirectUrl() on the omnipay response instead of $response->redirect(). Then put that in a JSON response or something and use JavaScript to send the customers browser to that URL.