e

Jeff Balicki
Showing 2 changed files with 26 additions and 9 deletions
app/Http/Controllers/ApiController.php
app/Http/Middleware/Cors.php
--- a/app/Http/Controllers/ApiController.php
View file @50ae081
+++ b/app/Http/Controllers/ApiController.php
View file @50ae081
@@ -137,7 +137,8 @@ class ApiController extends Controller
        $response =  $pdf;
        $statusCode = 200;
-        return Response::json($response, $statusCode)->header('Access-Control-Allow-Origin', '*');
+        return Response::json($response, $statusCode)
--- a/app/Http/Middleware/Cors.php
View file @50ae081
+++ b/app/Http/Middleware/Cors.php
View file @50ae081
 <?php 
 namespace App\Http\Middleware;
 use Closure;
-use Illuminate\Contracts\Routing\Middleware;
-use Illuminate\Session\TokenMismatchException;
-class Cors implements Middleware {
+class Cors
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
    public function handle($request, Closure $next)
    {
+        header("Access-Control-Allow-Origin: *");
+        // ALLOW OPTIONS METHOD
+        $headers = [
+            'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
+            'Access-Control-Allow-Headers'=> 'Content-Type, X-Auth-Token, Origin'
+        ];
+        if($request->getMethod() == "OPTIONS") {
+            // The client-side application can set only headers allowed in Access-Control-Allow-Headers
+            return Response::make('OK', 200, $headers);
+        }
        $response = $next($request);
-        $response->headers->set('Access-Control-Allow-Origin', '*')->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+        foreach($headers as $key => $value)
+            $response->header($key, $value);
        return $response;
    }
+}
-}
\ No newline at end of file