Merge pull request #5011 from ThisIsMissEm/feat/add-api-cors

Adjust CORS configuration to support API & OAuth Routes
This commit is contained in:
daniel 2024-04-05 22:11:20 -06:00 committed by GitHub
commit e2c2952fda
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 8 additions and 5 deletions

View file

@ -14,12 +14,12 @@ class Kernel extends HttpKernel
* @var array * @var array
*/ */
protected $middleware = [ protected $middleware = [
\Illuminate\Http\Middleware\HandleCors::class,
\Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class, \Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode::class,
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class, \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrustProxies::class,
\App\Http\Middleware\TrimStrings::class, \App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\TrustProxies::class,
\Illuminate\Http\Middleware\HandleCors::class,
]; ];
/** /**

View file

@ -22,7 +22,9 @@ return [
* Example: ['api/*'] * Example: ['api/*']
*/ */
'paths' => [ 'paths' => [
'.well-known/*' '.well-known/*',
'api/*',
'oauth/*'
], ],
/* /*
@ -48,7 +50,8 @@ return [
/* /*
* Sets the Access-Control-Expose-Headers response header with these headers. * Sets the Access-Control-Expose-Headers response header with these headers.
*/ */
'exposed_headers' => [], // TODO: Add support for rate-limit related headers
'exposed_headers' => ['Link'],
/* /*
* Sets the Access-Control-Max-Age response header when > 0. * Sets the Access-Control-Max-Age response header when > 0.
@ -59,4 +62,4 @@ return [
* Sets the Access-Control-Allow-Credentials header. * Sets the Access-Control-Allow-Credentials header.
*/ */
'supports_credentials' => false, 'supports_credentials' => false,
]; ];