| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465 |
- <?php
- return [
- /*
- |--------------------------------------------------------------------------
- | Laravel CORS Options
- |--------------------------------------------------------------------------
- |
- | The allowed_methods and allowed_headers options are case-insensitive.
- |
- | You don't need to provide both allowed_origins and allowed_origins_patterns.
- | If one of the strings passed matches, it is considered a valid origin.
- |
- | If array('*') is provided to allowed_methods, allowed_origins or allowed_headers
- | all methods / origins / headers are allowed.
- |
- */
- /*
- * You can enable CORS for 1 or multiple paths.
- * Example: ['api/*']
- */
- 'paths' => [
- '.well-known/*',
- 'api/*',
- 'oauth/*'
- ],
- /*
- * Matches the request method. `[*]` allows all methods.
- */
- 'allowed_methods' => ['*'],
- /*
- * Matches the request origin. `[*]` allows all origins. Wildcards can be used, eg `*.mydomain.com`
- */
- 'allowed_origins' => ['*'],
- /*
- * Patterns that can be used with `preg_match` to match the origin.
- */
- 'allowed_origins_patterns' => [],
- /*
- * Sets the Access-Control-Allow-Headers response header. `[*]` allows all headers.
- */
- 'allowed_headers' => ['*'],
- /*
- * Sets the Access-Control-Expose-Headers response header with these headers.
- */
- // TODO: Add support for rate-limit related headers
- 'exposed_headers' => ['Link'],
- /*
- * Sets the Access-Control-Max-Age response header when > 0.
- */
- 'max_age' => 0,
- /*
- * Sets the Access-Control-Allow-Credentials header.
- */
- 'supports_credentials' => false,
- ];
|
