e

@@ -137,7 +137,8 @@ class ApiController extends Controller
         $response =  $pdf;
         $response =  $pdf;
         $statusCode = 200;
         $statusCode = 200;
 		
 		
-        return Response::json($response, $statusCode)->header('Access-Control-Allow-Origin', '*');
+		
+        return Response::json($response, $statusCode)
            
            
 
 
 
 

 <?php 
 <?php 
-
 namespace App\Http\Middleware;
 namespace App\Http\Middleware;
 
 
 use Closure;
 use Closure;
-use Illuminate\Contracts\Routing\Middleware;
-use Illuminate\Session\TokenMismatchException;
 
 
-class Cors implements Middleware {
 
 
+class Cors
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
     public function handle($request, Closure $next)
     public function handle($request, Closure $next)
     {
     {
-        $response = $next($request);
-        $response->headers->set('Access-Control-Allow-Origin', '*')->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+        header("Access-Control-Allow-Origin: *");
 
 
-        return $response;
+        // ALLOW OPTIONS METHOD
+        $headers = [
+            'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
+            'Access-Control-Allow-Headers'=> 'Content-Type, X-Auth-Token, Origin'
+        ];
+        if($request->getMethod() == "OPTIONS") {
+            // The client-side application can set only headers allowed in Access-Control-Allow-Headers
+            return Response::make('OK', 200, $headers);
         }
         }
 
 
+        $response = $next($request);
+        foreach($headers as $key => $value)
+            $response->header($key, $value);
+        return $response;
+    }
 }
 }
\ No newline at end of file