2026-06-17 22:20:17 +05:30

55 lines
1.8 KiB
PHP

<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class HandleCors
{
/**
* Allowed origins. Set to '*' for open APIs, or list specific origins.
*/
private array $allowedOrigins = ['*'];
/**
* Handle an incoming request.
*/
public function handle(Request $request, Closure $next): Response
{
// Handle preflight OPTIONS request
if ($request->isMethod('OPTIONS')) {
return response('', 204)
->header('Access-Control-Allow-Origin', $this->origin($request))
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
->header('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, X-Requested-With, Origin')
->header('Access-Control-Allow-Credentials', 'true')
->header('Access-Control-Max-Age', '86400');
}
/** @var Response $response */
$response = $next($request);
$response->headers->set('Access-Control-Allow-Origin', $this->origin($request));
$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS');
$response->headers->set('Access-Control-Allow-Headers', 'Authorization, Content-Type, Accept, X-Requested-With, Origin');
$response->headers->set('Access-Control-Allow-Credentials', 'true');
return $response;
}
/**
* Determine the allowed origin for the response.
*/
private function origin(Request $request): string
{
if (in_array('*', $this->allowedOrigins)) {
return '*';
}
$origin = $request->header('Origin', '');
return in_array($origin, $this->allowedOrigins) ? $origin : $this->allowedOrigins[0];
}
}