d

Jeff Balicki
Showing 2 changed files with 30 additions and 0 deletions
app/Http/Kernel.php
app/Http/Middleware/Cors.php
--- a/app/Http/Kernel.php
View file @4071f5d
+++ b/app/Http/Kernel.php
View file @4071f5d
@@ -49,5 +49,6 @@ class Kernel extends HttpKernel
        'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
+        'cors' => \App\Http\Middleware\Cors::class,
    ];
 }
--- a/app/Http/Middleware/Cors.php 0 → 100644
View file @4071f5d
+++ b/app/Http/Middleware/Cors.php 0 → 100644
View file @4071f5d
+<?php
+namespace App\Http\Middleware;
+
+use Closure;
+
+class Cors
+{
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request $request
+     * @param  \Closure $next
+     *
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        return $next($request)
+            ->header('Access-Control-Allow-Origin', $_SERVER['HTTP_ORIGIN'])
+            // Depending of your application you can't use '*'
+            // Some security CORS concerns 
+            //->header('Access-Control-Allow-Origin', '*')
+            ->header('Access-Control-Allow-Methods', 'POST, OPTIONS')
+            ->header('Access-Control-Allow-Credentials', 'true')
+            ->header('Access-Control-Max-Age', '10000')
+            ->header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With');
+    }
+}
\ No newline at end of file