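<?php

/*
 * Cross-Origin Resource Sharing (CORS) settings.
 *
 * Credentialed requests are enabled at the bottom of this file, so every
 * origin accepted here can call the API with the user's cookies or
 * Authorization header. Keep the origin list explicit and as short as possible.
 */

return [

    // Apply CORS to API routes and Sanctum's CSRF cookie endpoint (if used).
    'paths' => ['api/*', 'sanctum/csrf-cookie'],

    // All HTTP methods are allowed for simplicity in dev. Before deploying,
    // list only the verbs the API actually serves.
    'allowed_methods' => ['*'],

    // IMPORTANT: Do NOT use '*' when sending credentials. List explicit origins.
    // Set FRONTEND_URL in .env to override the default. In production it must
    // be set to the exact scheme://host[:port] of the front end, otherwise the
    // localhost development origin below remains the trusted origin.
    //
    // The value is normalised before use: browsers send the Origin header
    // without a trailing slash, so a configured value ending in '/' would never
    // match. An empty value or a '*' wildcard is dropped, which leaves no
    // allowed origin (fail closed) instead of pairing a wildcard with
    // supports_credentials.
    'allowed_origins' => array_values(array_diff(
        [rtrim(trim((string) env('FRONTEND_URL', 'http://localhost:8080')), '/')],
        ['', '*']
    )),

    // Alternatively, use patterns (kept empty for clarity). If patterns are
    // ever added, anchor them at both ends so look-alike hosts cannot match.
    'allowed_origins_patterns' => [],

    // Headers the client may send. '*' accepts any request header; narrow this
    // to the headers the front end really uses once they are known.
    'allowed_headers' => ['*'],

    // Headers exposed to the browser. Empty: none are exposed here.
    'exposed_headers' => [],

    // Preflight cache duration (in seconds). 0 gives no preflight caching time.
    'max_age' => 0,

    // Must be true if the browser sends cookies or Authorization with
    // withCredentials. Because this is on, allowed_origins above must stay an
    // explicit allow-list.
    'supports_credentials' => true,

];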