df

Jeff Balicki
Showing 3 changed files with 17 additions and 13 deletions
app/Http/Middleware/Cors.php
public/.htaccess
public/index.php
--- a/app/Http/Middleware/Cors.php
View file @8330389
+++ b/app/Http/Middleware/Cors.php
View file @8330389
@@ -16,14 +16,9 @@ class Cors
     */
    public function handle($request, Closure $next)
    {
-        return $next($request)
-            ->header('Access-Control-Allow-Origin', $_SERVER['HTTP_ORIGIN'])
-            // Depending of your application you can't use '*'
-            // Some security CORS concerns 
-            ->header('Access-Control-Allow-Origin', '*')
-            ->header('Access-Control-Allow-Methods', 'POST, OPTIONS')
-            ->header('Access-Control-Allow-Credentials', 'true')
-            ->header('Access-Control-Max-Age', '10000')
-            ->header('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With');
+
+     return $next($request)->header('Access-Control-Allow-Origin' , '*')
+         ->header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE')
+         ->header('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With');
+ }
    }
-}
\ No newline at end of file
--- a/public/.htaccess
View file @8330389
+++ b/public/.htaccess
View file @8330389
+
 <IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
@@ -15,7 +16,8 @@
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
-    RewriteCond %{HTTP:Authorization} .
-    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+Header add Access-Control-Allow-Origin "*"
+Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
+Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
 </IfModule>
-Header set Access-Control-Allow-Origin "*"
+
--- a/public/index.php
View file @8330389
+++ b/public/index.php
View file @8330389
@@ -8,6 +8,8 @@
 */

 /*
+ *
+ *
 |--------------------------------------------------------------------------
 | Register The Auto Loader
 |--------------------------------------------------------------------------
@@ -19,6 +21,11 @@
 |
 */

+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
+header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token'); // allow certain headers
+
+
 require __DIR__.'/../bootstrap/autoload.php';

 /*