From 603958349798cea8913403561c67109340ab9367 Mon Sep 17 00:00:00 2001
From: Michael Darko <mickdd22@gmail.com>
Date: Mon, 15 Nov 2021 08:57:33 +0000
Subject: [PATCH] :sparkles: added cors config

---
 config/cors.php | 114 ++++++++++++++++++++++++++++++++++++++++++++++++
 index.php       |   2 +-
 2 files changed, 115 insertions(+), 1 deletion(-)
 create mode 100644 config/cors.php

diff --git a/config/cors.php b/config/cors.php
new file mode 100644
index 0000000..f976c37
--- /dev/null
+++ b/config/cors.php
@@ -0,0 +1,114 @@
+<?php
+
+return [
+    /*
+    |--------------------------------------------------------------------------
+    | Configure allowed origins
+    |--------------------------------------------------------------------------
+    |
+    | Configures the Access-Control-Allow-Origin CORS header. Possible values:
+    |
+    | * String - set origin to a specific origin. For example if
+    |   you set it to "http://example.com" only requests from
+    |   "http://example.com" will be allowed.
+    |
+    | * RegExp - set origin to a regular expression pattern which will be
+    |   used to test the request origin. If it's a match, the request origin
+    |   will be reflected. For example the pattern /example\.com$/ will reflect
+    |   any request that is coming from an origin ending with "example.com".
+    |
+    | * Array - set origin to an array of valid origins. Each origin can be a String
+    |   or a RegExp. For example ["http://example1.com", /\.example2\.com$/] will
+    |   accept any request from "http://example1.com" or from
+    |   a subdomain of "example2.com".
+    |
+    | * Function - set origin to a function implementing some custom
+    |   logic. The function takes the request origin as the first parameter
+    |   and a callback (called as callback(err, origin), where origin is a
+    |   non-function value of the origin option) as the second.
+    |
+    */
+    "origin" => "*",
+
+    /*
+    |--------------------------------------------------------------------------
+    | Configure allowed HTTP methods
+    |--------------------------------------------------------------------------
+    |
+    | Configures the Access-Control-Allow-Methods CORS header.
+    | Expects a comma-delimited string (ex: 'GET,PUT,POST') or
+    | an array (ex: ['GET', 'PUT', 'POST'])
+    |
+    */
+    "methods" => "GET,HEAD,PUT,PATCH,POST,DELETE",
+
+    /*
+    |--------------------------------------------------------------------------
+    | Configure allowed HTTP headers
+    |--------------------------------------------------------------------------
+    |
+    | Configures the Access-Control-Allow-Headers CORS header. Expects a
+    | comma-delimited string (ex: 'Content-Type,Authorization') or
+    | an array (ex: ['Content-Type', 'Authorization']). If not specified,
+    | defaults to reflecting the headers specified in the request's
+    | Access-Control-Request-Headers header.
+    |
+    */
+    "allowedHeaders" => "*",
+
+    /*
+    |--------------------------------------------------------------------------
+    | Configure expose headers
+    |--------------------------------------------------------------------------
+    |
+    | Configures the Access-Control-Expose-Headers CORS header. Expects
+    | a comma-delimited string (ex: 'Content-Range,X-Content-Range')
+    | or an array (ex: ['Content-Range', 'X-Content-Range']).
+    | If not specified, no custom headers are exposed.
+    |
+    */
+    "exposedHeaders" => "",
+
+    /*
+    |--------------------------------------------------------------------------
+    | Configure credentials
+    |--------------------------------------------------------------------------
+    |
+    | Configures the Access-Control-Allow-Credentials CORS header.
+    | Set to true to pass the header, otherwise it is omitted.
+    |
+    */
+    "credentials" => false,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Configure max age
+    |--------------------------------------------------------------------------
+    |
+    | Configures the Access-Control-Max-Age CORS header. Set to
+    | an integer to pass the header, otherwise it is omitted.
+    |
+    */
+    "maxAge" => null,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Configure preflight continue
+    |--------------------------------------------------------------------------
+    |
+    | Pass the CORS preflight response to the next handler.
+    |
+    */
+    "preflightContinue" => false,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Log open
+    |--------------------------------------------------------------------------
+    |
+    | Provides a status code to use for successful OPTIONS requests,
+    | since some legacy browsers (IE11, various SmartTVs) choke on 204.
+    |
+    */
+    "optionsSuccessStatus" => 204,
+];
diff --git a/index.php b/index.php
index 53f838e..ffab84a 100644
--- a/index.php
+++ b/index.php
@@ -80,7 +80,7 @@
 | CORS errors at you.
 |
 */
-app()->cors();
+app()->cors(CorsConfig());
 
 /*
 |--------------------------------------------------------------------------