header('origin', '*'); $header = [ 'Access-Control-Allow-Origin' => $origin ?: '*', 'Access-Control-Allow-Methods' => 'GET, POST, PUT, OPTIONS, DELETE', 'Access-Control-Allow-Headers' => 'Content-Type, Authorization, X-Admin-Token, X-Requested-With', 'Access-Control-Allow-Credentials' => 'true', 'Access-Control-Max-Age' => '86400', ]; if (strtoupper($request->method()) === 'OPTIONS') { return response('', 204)->header($header); } /** @var Response $response */ $response = $next($request); return $response->header($header); } }