1
<?php
2

3
return [
4
    /*
5
    |--------------------------------------------------------------------------
6
    | Cross-Origin Resource Sharing (CORS) Configuration
7
    |--------------------------------------------------------------------------
8
    |
9
    | Here you may configure your settings for cross-origin resource sharing
10
    | or "CORS". This determines what cross-origin operations may execute
11
    | in web browsers. You are free to adjust these settings as needed.
12
    |
13
    | To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
14
    |
15
    */
16

17
    /*
18
     * You can enable CORS for 1 or multiple paths.
19
     * Example: ['api/*']
20
     */
21
    'paths' => ['/api/client', '/api/application', '/api/client/*', '/api/application/*'],
22

23
    /*
24
     * Matches the request method. `['*']` allows all methods.
25
     */
26
    'allowed_methods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD'],
27

28
    /*
29
     * Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com`
30
     */
31
    'allowed_origins' => explode(',', env('APP_CORS_ALLOWED_ORIGINS') ?? ''),
32

33
    /*
34
     * Patterns that can be used with `preg_match` to match the origin.
35
     */
36
    'allowed_origins_patterns' => [],
37

38
    /*
39
     * Sets the Access-Control-Allow-Headers response header. `['*']` allows all headers.
40
     */
41
    'allowed_headers' => ['*'],
42

43
    /*
44
     * Sets the Access-Control-Expose-Headers response header with these headers.
45
     */
46
    'exposed_headers' => [],
47

48
    /*
49
     * Sets the Access-Control-Max-Age response header when > 0.
50
     */
51
    'max_age' => 0,
52

53
    /*
54
     * Sets the Access-Control-Allow-Credentials header.
55
     */
56
    'supports_credentials' => true,
57
];
58

59