cors.php 1.4 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859
  1. <?php
  2. return [
  3. /*
  4. * A cors profile determines which origins, methods, headers are allowed for
  5. * a given requests. The `DefaultProfile` reads its configuration from this
  6. * config file.
  7. *
  8. * You can easily create your own cors profile.
  9. * More info: https://github.com/spatie/laravel-cors/#creating-your-own-cors-profile
  10. */
  11. 'cors_profile' => Spatie\Cors\CorsProfile\DefaultProfile::class,
  12. /*
  13. * This configuration is used by `DefaultProfile`.
  14. */
  15. 'default_profile' => [
  16. 'allow_credentials' => true,
  17. 'allow_origins' => explode(',', env('CORS_ALLOW_ORIGINS')),
  18. 'allow_methods' => [
  19. 'POST',
  20. 'GET',
  21. 'OPTIONS',
  22. 'PUT',
  23. 'PATCH',
  24. 'DELETE',
  25. ],
  26. 'allow_headers' => [
  27. 'Content-Type',
  28. 'Origin',
  29. 'Authorization',
  30. ],
  31. 'expose_headers' => [
  32. 'Cache-Control',
  33. 'Content-Language',
  34. 'Content-Type',
  35. 'Expires',
  36. 'Last-Modified',
  37. 'Pragma',
  38. ],
  39. 'forbidden_response' => [
  40. 'message' => 'Forbidden (cors).',
  41. 'status' => 403,
  42. ],
  43. /*
  44. * Preflight request will respond with value for the max age header.
  45. */
  46. 'max_age' => 60 * 60 * 24,
  47. ],
  48. ];