Added CORS policy and added an OPTIONS fallback

Beitostolen-Live · Apr 11, 2021 · 47535e4 · 47535e4
1 parent 5749e2d
commit 47535e4
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 1 deletion.
diff --git a/app/Http/Middleware/CorsMiddleware.php b/app/Http/Middleware/CorsMiddleware.php
@@ -0,0 +1,39 @@
+<?php
+namespace App\Http\Middleware;
+
+use Closure;
+
+class CorsMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $headers = [
+            'Access-Control-Allow-Origin'      => '*',
+            'Access-Control-Allow-Methods'     => 'POST, GET, OPTIONS, PUT, DELETE',
+            'Access-Control-Allow-Credentials' => 'true',
+            'Access-Control-Max-Age'           => '86400',
+            'Access-Control-Allow-Headers'     => 'Origin, Content-Type, X-Auth-Token, Authorization, Accept, X-Varnish, Via, Age, Accept-Ranges, Connection, Content-Length, Content-Encoding, Vary, Cache-Control, X-Powered-By, Server, Date'//'Content-Type, Authorization, X-Requested-With'
+        ];
+
+        if ($request->isMethod('OPTIONS'))
+        {
+            return response()->json('{"method":"OPTIONS"}', 200, $headers);
+        }
+
+        $response = $next($request);
+        foreach($headers as $key => $value)
+        {
+            $response->header($key, $value);
+        }
+
+        return $response;
+    }
+}
+?>
diff --git a/bootstrap/app.php b/bootstrap/app.php
@@ -78,6 +78,7 @@
 
 $app->routeMiddleware([
     'auth' => App\Http\Middleware\AuthMiddleware::class,
+    'cors' => App\Http\Middleware\CorsMiddleware::class,
 ]);
 
 /*

diff --git a/routes/web.php b/routes/web.php
@@ -17,7 +17,7 @@
     return $router->app->version();
 });
 
-$router->group(['prefix'=>'api/v1', 'middleware' => 'auth'], function() use($router){
+$router->group(['prefix'=>'api/v1', 'middleware' => ['cors', 'auth']], function() use($router){
     // Festival
     $router->get('/festival', 'FestivalController@index');
     $router->post('/festival', 'FestivalController@create');
@@ -69,4 +69,8 @@
     $router->get('/inventory/{inventory_id}/count', 'InventoryCountController@countsByInventory');
     $router->post('/inventory/{inventory_id}/count', 'InventoryCountController@create');
     $router->delete('/count/{id}', 'InventoryCountController@destroy');
+    // Fallback
+    $router->options('{any:.*}', function (){
+        return;
+    });
 });
-Original file line number
+Diff line change
@@ Expand Up / @@ -78,6 +78,7 @@ @@
     $app->routeMiddleware([
         'auth' => App\Http\Middleware\AuthMiddleware::class,
+        'cors' => App\Http\Middleware\CorsMiddleware::class,
     ]);
     /*
@@ Expand Down @@