diff --git a/backend/.env.example b/backend/.env.example
index 409384d..6c57527 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -3,6 +3,7 @@ APP_ENV=local
 APP_KEY=
 APP_DEBUG=true
 APP_URL=http://localhost
+CORS_ALLOWED_ORIGINS=http://localhost:5173,https://rabbigerzi.com,https://www.rabbigerzi.com
 APP_LOCALE=en
 APP_FALLBACK_LOCALE=en
diff --git a/backend/config/cors.php b/backend/config/cors.php
new file mode 100644
index 0000000..84d78b2
--- /dev/null
+++ b/backend/config/cors.php
@@ -0,0 +1,23 @@
+ ['login', 'logout', 'me'],
+ 'allowed_methods' => ['GET', 'POST', 'OPTIONS'],
+ 'allowed_origins' => $allowedOrigins,
+ 'allowed_origins_patterns' => [],
+ 'allowed_headers' => ['Content-Type', 'X-Requested-With', 'Accept', 'Origin'],
+ 'exposed_headers' => [],
+ 'max_age' => 0,
+ 'supports_credentials' => true,
+];
diff --git a/backend/tests/Feature/CorsTest.php b/backend/tests/Feature/CorsTest.php
new file mode 100644
index 0000000..e86bf54
--- /dev/null
+++ b/backend/tests/Feature/CorsTest.php
@@ -0,0 +1,24 @@
+withHeaders([
+ 'Origin' => 'https://rabbigerzi.com',
+ 'Access-Control-Request-Method' => 'POST',
+ 'Access-Control-Request-Headers' => 'content-type',
+ ])->options('/login');
+
+ $response->assertNoContent();
+ $response->assertHeader(
+ 'Access-Control-Allow-Origin',
+ 'https://rabbigerzi.com'
+ );
+ $response->assertHeader('Access-Control-Allow-Credentials', 'true');
+ }
+}
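Review bot: The example value added for `CORS_ALLOWED_ORIGINS` in backend/.env.example puts the dev origin `http://localhost:5173` in the same list as the two production origins, while backend/config/cors.php in this commit sets `supports_credentials` to true. A deployment that copies the line unchanged would therefore accept credentialed cross-origin requests from a plain-http localhost origin. I would put a comment above the variable, `# Comma-separated exact origins. Production: https origins only, no wildcard, no localhost.`, and consider keeping only the dev origin in the example value.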
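Review bot: In backend/config/cors.php, `'supports_credentials' => true` is paired with an `allowed_origins` list taken from `$allowedOrigins`, whose construction is not visible in this hunk as rendered, so nothing here shows that a `*` or an empty entry in `CORS_ALLOWED_ORIGINS` is rejected. With credentials enabled the list must hold exact origins only; to my knowledge Laravel's CORS handling treats `*` as allow-all and, when credentials are on, echoes the request's Origin back, which would let any site make credentialed calls to `login`, `logout` and `me`. I would filter the parsed list before the `return`, e.g. `$allowedOrigins = array_values(array_filter($allowedOrigins, static fn (string $o): bool => $o !== '' && $o !== '*'));`, and add a comment above `supports_credentials` saying wildcards must never be configured. Separately, `allowed_headers` omits `X-XSRF-TOKEN`; if the frontend authenticates with session cookies it presumably has to send that header on the POST to `login`, so this is worth confirming.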
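Review bot: backend/tests/Feature/CorsTest.php checks only the allowed origin, so a configuration that reflected every request origin together with `Access-Control-Allow-Credentials: true` would still pass it. I would add a second case that sends the same preflight from an origin that is not in the list and asserts that the response does not grant that origin; comparing the header value rather than asserting its absence keeps the test valid even when only one origin is configured. The existing test also depends on `https://rabbigerzi.com` being in the allow-list of the test environment, and the default is not visible here, so it may be worth setting the list explicitly in the test setup. The opening of the test class falls outside what this hunk shows as rendered.

```php
// … unchanged: existing allowed-origin preflight test …

public function test_preflight_from_unlisted_origin_is_not_granted(): void
{
    $response = $this->withHeaders([
        'Origin' => 'https://unlisted.example',
        'Access-Control-Request-Method' => 'POST',
        'Access-Control-Request-Headers' => 'content-type',
    ])->options('/login');

    $this->assertNotSame(
        'https://unlisted.example',
        $response->headers->get('Access-Control-Allow-Origin')
    );
}
```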