Using CORS middleware for API requests from supported origins

app/Http/Kernel.php

@@ -57,7 +57,6 @@ class Kernel extends HttpKernel
         'can' => \Poniverse\Ponyfm\Http\Middleware\Authorize::class,
         'json-exceptions' => \Poniverse\Ponyfm\Http\Middleware\JsonExceptions::class,
         'guest' => \Poniverse\Ponyfm\Http\Middleware\RedirectIfAuthenticated::class,
-        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
-        'cors' => \Poniverse\Ponyfm\Http\Middleware\Cors::class,
+        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class
     ];
 }

app/Http/Middleware/Cors.php

@@ -1,18 +0,0 @@
-<?php
-
-namespace Poniverse\Ponyfm\Http\Middleware;
-
-use App;
-
-class Cors {
-    public function handle($request, $next)
-    {
-        if (App::environment('local', 'staging')) {
-            return $next($request)
-                ->header('Access-Control-Allow-Origin', '*')
-                ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
-        } else {
-            return $next($request);
-        }
-    }
-}

composer.json

@@ -26,7 +26,8 @@
         "graham-campbell/exceptions": "^9.1",
         "minishlink/web-push": "^1.0",
         "alsofronie/eloquent-uuid": "^1.0",
-        "poniverse/api": "dev-rewrite"
+        "poniverse/api": "dev-rewrite",
+        "barryvdh/laravel-cors": "^0.8.2"
     },
     "require-dev": {
         "fzaninotto/faker": "~1.4",

config/app.php

@@ -168,8 +168,8 @@ return [
         Barryvdh\LaravelIdeHelper\IdeHelperServiceProvider::class,
         Cviebrock\LaravelElasticsearch\ServiceProvider::class,
         GrahamCampbell\Exceptions\ExceptionsServiceProvider::class,
-        Poniverse\Lib\PoniverseServiceProvider::class
-
+        Poniverse\Lib\PoniverseServiceProvider::class,
+        Barryvdh\Cors\ServiceProvider::class,
     ],
 
     /*

config/cors.php

@@ -0,0 +1,19 @@
+<?php
+return [
+    /*
+     |--------------------------------------------------------------------------
+     | Laravel CORS
+     |--------------------------------------------------------------------------
+     |
+     | allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
+     | to accept any value.
+     |
+     */
+    'supportsCredentials' => true,
+    'allowedOrigins' => ['localhost:3000', 'pony.fm', 'stage.pony.fm'],
+    'allowedHeaders' => ['*'],
+    'allowedMethods' => ['*'],
+    'exposedHeaders' => [],
+    'maxAge' => 0,
+    'hosts' => [],
+];