headers->get('origin'); $app_allow_origin = ","; if(env('APP_ENV') == 'local'){ $app_allow_origin = env('APP_ALLOW_ORIGIN_LOCAL'); }else if(env('APP_ENV') == 'production'){ $app_allow_origin = env('APP_ALLOW_ORIGIN_PROD'); } $allowedOrigins = explode(',', $app_allow_origin); // Validate Origin if (!in_array('*', $allowedOrigins) && $origin && !in_array($origin, $allowedOrigins)) { \Log::Info("gatot"); return response('Origin not allowed', 403); } $responseHeaders = [ 'Access-Control-Allow-Origin' => $origin, 'Access-Control-Allow-Methods' => env('APP_ALLOW_METHOD', 'GET, POST, PUT, DELETE, OPTIONS'), 'Access-Control-Allow-Headers' => env('APP_ALLOW_HEADER', 'Content-Type, Authorization'), 'Access-Control-Allow-Credentials' => 'true', ]; // Check if the request is for a static file $path = $request->getPathInfo(); if (preg_match('/\.(jpg|jpeg|png|gif|svg|webp|ico|bmp|tiff)$/i', $path)) { \Log::Info("Masokkkk"); return $response ->header('Access-Control-Allow-Origin', $origin) ->header('Access-Control-Allow-Methods', env('APP_ALLOW_METHOD', 'GET, POST, PUT, DELETE, OPTIONS')) ->header('Access-Control-Allow-Headers', env('APP_ALLOW_HEADER', 'Content-Type, Authorization')); } // Handle OPTIONS preflight request if ($request->getMethod() === 'OPTIONS') { //\Log::Info("options responseHeaders ".json_encode($responseHeaders)); return response(null, 200)->withHeaders($responseHeaders); } $response = $next($request); // Add CORS headers to response foreach ($responseHeaders as $key => $value) { $response->header($key, $value); } //\Log::Info("response response ".json_encode($response->headers->all())); return $response; } }