Fixes for Laravel Cors

acidstudios · Jun 8, 2020 · a1126fb · a1126fb
1 parent 91ff36c
commit a1126fb
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 12 deletions.
diff --git a/app/Console/Commands/AcidInstall.php b/app/Console/Commands/AcidInstall.php
@@ -48,6 +48,7 @@ public function handle()
  }
 
  $this->call('passport:install', ['--force']);
+ $this->call('vendor:publish', ['--tag="cors"']);
  } catch (\Exception $ex) {
  $this->error($ex->getMessage());
  }

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -19,7 +19,7 @@ class Kernel extends HttpKernel
  \App\Http\Middleware\TrimStrings::class,
  \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
  \App\Http\Middleware\TrustProxies::class,
- \Barryvdh\Cors\HandleCors::class,
+ \Fruitcake\Cors\HandleCors::class,
  ];
 
  /**

diff --git a/config/cors.php b/config/cors.php
@@ -4,20 +4,57 @@
 
  /*
  |--------------------------------------------------------------------------
- | Laravel CORS
+ | Laravel CORS Options
  |--------------------------------------------------------------------------
  |
- | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
- | to accept any value.
+ | The allowed_methods and allowed_headers options are case-insensitive.
+ |
+ | You don't need to provide both allowed_origins and allowed_origins_patterns.
+ | If one of the strings passed matches, it is considered a valid origin.
+ |
+ | If array('*') is provided to allowed_methods, allowed_origins or allowed_headers
+ | all methods / origins / headers are allowed.
  |
  */
-
- 'supportsCredentials' => false,
- 'allowedOrigins' => ['*'],
- 'allowedOriginsPatterns' => ['*'],
- 'allowedHeaders' => ['*'],
- 'allowedMethods' => ['*'],
- 'exposedHeaders' => [],
- 'maxAge' => 0,
 
+ /*
+ * You can enable CORS for 1 or multiple paths.
+ * Example: ['api/*']
+ */
+ 'paths' => ['api/*'],
+
+ /*
+ * Matches the request method. `[*]` allows all methods.
+ */
+ 'allowed_methods' => ['*'],
+
+ /*
+ * Matches the request origin. `[*]` allows all origins. Wildcards can be used, eg `*.mydomain.com`
+ */
+ 'allowed_origins' => ['*'],
+
+ /*
+ * Patterns that can be used with `preg_match` to match the origin.
+ */
+ 'allowed_origins_patterns' => [],
+
+ /*
+ * Sets the Access-Control-Allow-Headers response header. `[*]` allows all headers.
+ */
+ 'allowed_headers' => ['*'],
+
+ /*
+ * Sets the Access-Control-Expose-Headers response header with these headers.
+ */
+ 'exposed_headers' => [],
+
+ /*
+ * Sets the Access-Control-Max-Age response header when > 0.
+ */
+ 'max_age' => 0,
+
+ /*
+ * Sets the Access-Control-Allow-Credentials header.
+ */
+ 'supports_credentials' => false,
 ];