From 860ec9f2a48c65d30998942263a4f9a849e9b0a0 Mon Sep 17 00:00:00 2001
From: "Barry vd. Heuvel" <barryvdh@gmail.com>
Date: Thu, 26 Dec 2019 19:46:41 +0100
Subject: [PATCH] Use config instead of middleware property

---
 app/Http/Middleware/HandleCors.php |  8 +---
 config/cors.php                    | 60 ++++++++++++++++++++++++++++++
 routes/api.php                     |  9 ++++-
 3 files changed, 68 insertions(+), 9 deletions(-)
 create mode 100644 config/cors.php

diff --git a/app/Http/Middleware/HandleCors.php b/app/Http/Middleware/HandleCors.php
index 08bfa880..54ceb4a4 100644
--- a/app/Http/Middleware/HandleCors.php
+++ b/app/Http/Middleware/HandleCors.php
@@ -6,11 +6,5 @@
 
 class HandleCors extends Middleware
 {
-    /**
-     * The paths to enable CORS on.
-     * Example: ['api/*']
-     *
-     * @var array
-     */
-    protected $paths = [];
+
 }
diff --git a/config/cors.php b/config/cors.php
new file mode 100644
index 00000000..e60d35cf
--- /dev/null
+++ b/config/cors.php
@@ -0,0 +1,60 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Laravel CORS Options
+    |--------------------------------------------------------------------------
+    |
+    | The allowed_methods and allowed_headers options are case-insensitive.
+    |
+    | You don't need to provide both allowed_origins and allowed_origins_patterns.
+    | If one of the strings passed matches, it is considered a valid origin.
+    |
+    | If array('*') is provided to allowed_methods, allowed_origins or allowed_headers
+    | all methods / origins / headers are allowed.
+    |
+    */
+
+    /*
+     * You can enable CORS for 1 or multiple paths.
+     * Example: ['api/*']
+     */
+    'paths' => [],
+
+    /*
+    * Matches the request method. `[*]` allows all methods.
+    */
+    'allowed_methods' => ['*'],
+
+    /*
+     * Matches the request origin. `[*]` allows all origins.
+     */
+    'allowed_origins' => ['*'],
+
+    /**
+     * Matches the request origin with, similar to `Request::is()`
+     */
+    'allowed_origins_patterns' => [],
+
+    /**
+     * Sets the Access-Control-Allow-Headers response header. `[*]` allows all headers.
+     */
+    'allowed_headers' => ['*'],
+
+    /**
+     * Sets the Access-Control-Expose-Headers response header.
+     */
+    'exposed_headers' => false,
+
+    /**
+     * Sets the Access-Control-Max-Age response header.
+     */
+    'max_age' => false,
+
+    /**
+     * Sets the Access-Control-Allow-Credentials header.
+     */
+    'supports_credentials' => false,
+];
diff --git a/routes/api.php b/routes/api.php
index bcb8b189..10b77b43 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -13,7 +13,12 @@
 | is assigned the "api" middleware group. Enjoy building your API!
 |
 */
-
-Route::middleware('auth:api')->get('/user', function (Request $request) {
+Route::any('/test', function (Request $request) {
+    $a++;
+    return $request->user();
+});
+
+
+Route::middleware('auth:api')->any('/user', function (Request $request) {
     return $request->user();
 });