Using CORS middleware for API requests from supported origins

This commit is contained in:
Josef Citrine 2017-01-03 17:44:40 +00:00
parent f7bc4f0565
commit 780217183e
6 changed files with 744 additions and 429 deletions

View file

@ -57,7 +57,6 @@ class Kernel extends HttpKernel
'can' => \Poniverse\Ponyfm\Http\Middleware\Authorize::class,
'json-exceptions' => \Poniverse\Ponyfm\Http\Middleware\JsonExceptions::class,
'guest' => \Poniverse\Ponyfm\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'cors' => \Poniverse\Ponyfm\Http\Middleware\Cors::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class
];
}

View file

@ -1,18 +0,0 @@
<?php
namespace Poniverse\Ponyfm\Http\Middleware;
use App;
class Cors {
public function handle($request, $next)
{
if (App::environment('local', 'staging')) {
return $next($request)
->header('Access-Control-Allow-Origin', '*')
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
} else {
return $next($request);
}
}
}

View file

@ -26,7 +26,8 @@
"graham-campbell/exceptions": "^9.1",
"minishlink/web-push": "^1.0",
"alsofronie/eloquent-uuid": "^1.0",
"poniverse/api": "dev-rewrite"
"poniverse/api": "dev-rewrite",
"barryvdh/laravel-cors": "^0.8.2"
},
"require-dev": {
"fzaninotto/faker": "~1.4",

1126
composer.lock generated

File diff suppressed because it is too large Load diff

View file

@ -168,8 +168,8 @@ return [
Barryvdh\LaravelIdeHelper\IdeHelperServiceProvider::class,
Cviebrock\LaravelElasticsearch\ServiceProvider::class,
GrahamCampbell\Exceptions\ExceptionsServiceProvider::class,
Poniverse\Lib\PoniverseServiceProvider::class
Poniverse\Lib\PoniverseServiceProvider::class,
Barryvdh\Cors\ServiceProvider::class,
],
/*

19
config/cors.php Normal file
View file

@ -0,0 +1,19 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Laravel CORS
|--------------------------------------------------------------------------
|
| allowedOrigins, allowedHeaders and allowedMethods can be set to array('*')
| to accept any value.
|
*/
'supportsCredentials' => true,
'allowedOrigins' => ['localhost:3000', 'pony.fm', 'stage.pony.fm'],
'allowedHeaders' => ['*'],
'allowedMethods' => ['*'],
'exposedHeaders' => [],
'maxAge' => 0,
'hosts' => [],
];