Laravel 5: routing CORS issue on just one URL

I am trying to make 2 ajax requests to an external laravel site. One of the requests works perfectly. The other one gives me the following error:

Access to XMLHttpRequest at 'http://localhost/somesite/devicecreate' from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The origin is null because the request comes from a local html (which will become an app so null should switch to "*" when running with Cordova)

I have already created a CORS middleware solution that I though was working, but oddly only works for one of the ajax requests, even though all requests use the same function.

The 2 routes are stored in web.php as follows:

  Route::post('/devicecreate','FrontEndController@savedevice')->middleware('cors');
  Route::post('/list', 'FrontEndController@list')->middleware('cors');

Here is my ajax request function in javascript

var ajaxRequest = function ( url, data, callback ) {

        var  xhr = new XMLHttpRequest();

        xhr.onerror = function(e) { 
              console.log("Ajax request error");
        };

        xhr.addEventListener("load",function () {
              xhr.responseJSON = JSON.parse( xhr.responseText );
              callback( xhr.responseJSON);
        });

        xhr.open("POST", url );
        xhr.setRequestHeader("X-Requested-With","XMLHttpRequest");
        xhr.send(data);
};

At the moment (for testing purposes) both route methods and all object data is identical so "/devicecreate" and "/list" should do exactly the same thing. But only "/list" works.

If I try php artisan route:list I can see both "devicecreate" and "list" with the same Methods, correct Actions and same Middleware

My CORS middleware looks like this:

<?php

  namespace App\Http\Middleware;

  use Closure;

  class Cors
  {
     /**
      * Handle an incoming request.
      *
      * @param  \Illuminate\Http\Request  $request
      * @param  \Closure  $next
      * @return mixed
      */
     public function handle($request, Closure $next)
     {

         if ($request->getMethod() == "OPTIONS") {
             return response(['OK'], 200)
             ->withHeaders([
            'Access-Control-Allow-Origin' => '*',
            'Access-Control-Allow-Methods' => 'GET,POST',
            'Access-Control-Allow-Headers' => 'Authorization,Content-Type,X-Requested-With,XMLHttpRequest',
          ]);
    }

    return $next($request)
    ->header('Access-Control-Allow-Origin', '*')
    ->header('Access-Control-Allow-Methods', 'GET,POST')
    ->header('Access-Control-Allow-Headers','Authorization,Content-Type,X-Requested-With,XMLHttpRequest');

      }
  }

I also tried to run php artisan route:cache but get an error:

Route cache cleared!

LogicException : Unable to prepare route [api/user] for serialization. Uses Closure. at C:\xampp\htdocs\HotainmentApp\vendor\laravel\framework\src\Illuminate\Routing\Route.php:917

I don't see how only one of these routes work. I have tried renaming the route but it makes no difference.

Can anyone help?

via Chebli Mohamed