<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

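class CorsMiddleware
{
    /**
     * Add CORS response headers for requests whose Origin is on the
     * environment-specific allowlist, and reject cross-origin requests from
     * any other origin before they reach the application.
     *
     * Allowlist source (comma-separated origins, see allowedOrigins()):
     *  - local:      APP_ALLOW_ORIGIN_LOCAL
     *  - production: APP_ALLOW_ORIGIN_PROD
     *  - otherwise:  empty, so every request carrying an Origin is rejected
     *
     * Requests without an Origin header are not CORS requests (same-origin
     * navigation, server-to-server calls, CLI clients) and pass through with
     * no CORS headers added. Origin is a browser-supplied hint that any
     * non-browser client can set freely, so this middleware is not an
     * authentication or access-control mechanism.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed  The downstream response with CORS headers, or a 403 response.
     */
    public function handle(Request $request, Closure $next)
    {
        $origin = $request->headers->get('origin');

        // No Origin header: nothing to negotiate, hand the request straight on.
        if ($origin === null || $origin === '') {
            return $next($request);
        }

        // Check the allowlist BEFORE running the rest of the pipeline; otherwise
        // the controller executes (with all its side effects) and only the
        // resulting response is thrown away in favour of the 403.
        // Strict comparison: a loose in_array() lets an empty allowlist entry
        // match unexpected values.
        if (!in_array($origin, $this->allowedOrigins(), true)) {
            \Log::info("gatot origin not allowed ".$origin);
            return response('Origin not allowed', 403);
        }

        $response = $next($request);

        // Reflect the validated origin. Never '*' here: browsers reject a '*'
        // Access-Control-Allow-Origin when Access-Control-Allow-Credentials is
        // true, and '*' would also discard the allowlist decision just made.
        $response->headers->set('Access-Control-Allow-Origin', $origin);

        // The response body/headers differ per Origin, so shared caches must
        // key on it; append rather than replace any Vary the app already set.
        $response->setVary('Origin', false);

        // Allow required HTTP methods
        $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');

        $response->headers->set('Access-Control-Allow-Credentials', 'true');

        // Allow necessary headers (include Authorization, X-Requested-With, etc.)
        $response->headers->set('Access-Control-Allow-Headers', 'X-Requested-With,Application,Accept,Content-Type,Redirect,Access-Control-Allow-Origin,Authorization,Event,Referer,Origin,Upgrade-Insecure-Requests,x-permitted-cross-domain-policies,X-Permitted-Cross-Domain-Policies,clear-site-data,Strict-Transport-Security,X-Frame-Options,X-Content-Type-Options,Content-Security-Policy,Referrer-Policy,Clear-Site-Data,Cross-Origin-Embedder-Policy,Cross-Origin-Opener-Policy,Cross-Origin-Resource-Policy,Permissions-Policy,Cache-Control,Pragma,bosid,Bosid');

        // Expose specific headers
        $response->headers->set('Access-Control-Expose-Headers', 'Content-Disposition');

        // Handle OPTIONS preflight requests: the preflight itself carries no
        // payload, so report success regardless of what the route returned.
        if ($request->getMethod() === 'OPTIONS') {
            \Log::info('CORS Preflight Request');
            $response->setStatusCode(200);
        }

        // File storage responses need only a narrower set of request headers.
        // Access-Control-Allow-Origin stays the validated origin set above.
        if ($request->is('storage/*') || $request->is('public/*')) {
            $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, Authorization, X-Requested-With');
        }

        return $response;
    }

    /**
     * Origins allowed for the current application environment.
     *
     * Entries are trimmed and empty ones dropped, so a stray comma or
     * surrounding whitespace in the env value cannot produce an entry that
     * never matches (" https://a.example") or an empty-string entry.
     *
     * NOTE(review): env() returns null once `php artisan config:cache` is in
     * use, which silently empties this allowlist; the values should move to a
     * config file and be read via config().
     *
     * @return list<string>
     */
    private function allowedOrigins(): array
    {
        // app()->environment() reads the cached app.env value, so it keeps
        // working under config caching, unlike a direct env('APP_ENV') call.
        $environment = app()->environment();

        $raw = '';
        if ($environment === 'local') {
            $raw = env('APP_ALLOW_ORIGIN_LOCAL');
        } elseif ($environment === 'production') {
            $raw = env('APP_ALLOW_ORIGIN_PROD');
        }

        $entries = array_map(
            static function ($entry) {
                return trim((string) $entry);
            },
            explode(',', (string) ($raw ?? ''))
        );

        return array_values(array_filter(
            $entries,
            static function ($entry) {
                return $entry !== '';
            }
        ));
    }
}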