w

 <?php 
-namespace App\Http\Middleware;
-
 use Closure;
 
-class Cors
-{
+class CORS {
 
     /**
      * Handle an incoming request.
      *
      * @param  \Illuminate\Http\Request  $request
      * @param  \Closure  $next
-     *
      * @return mixed
      */
     public function handle($request, Closure $next)
     {
 
-     return $next($request)->header('Access-Control-Allow-Origin' , 'http://contact.gotenzing.com')
-         ->header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE')
-         ->header('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With')
-         ->header('Content-type: text/html');
-        ;
+        header("Access-Control-Allow-Origin: *");
+
+        // ALLOW OPTIONS METHOD
+        $headers = [
+            'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
+            'Access-Control-Allow-Headers'=> 'Content-Type, X-Auth-Token, Origin'
+        ];
+        if($request->getMethod() == "OPTIONS") {
+            // The client-side application can set only headers allowed in Access-Control-Allow-Headers
+            return Response::make('OK', 200, $headers);
         }
+
+        $response = $next($request);
+        foreach($headers as $key => $value)
+            $response->header($key, $value);
+        return $response;
     }
+
+}
\ No newline at end of file

@@ -30,7 +30,7 @@ Route::group(array('prefix' => 'api/v1'), function($json)
 
 });
 
-Route::any('api/update',  ['middleware' => 'cors', 'uses' => 'ApiController@update']);
+Route::any('api/update',  array('middleware' => 'cors', 'uses' => 'ApiController@update'));
 
 Route::any('fileentry/postUpload',  'FileEntryController@postUpload');
 

 <?php
 
-// allow origin
-header('Access-Control-Allow-Origin: *');
-// add any additional headers you need to support here
-header('Access-Control-Allow-Headers: Origin, Content-Type');
 
 
 /*