backend/.env.example

@@ -3,7 +3,6 @@ APP_ENV=local
 APP_KEY=
 APP_DEBUG=true
 APP_URL=http://localhost
-CORS_ALLOWED_ORIGINS=http://localhost:5173,https://rabbigerzi.com,https://www.rabbigerzi.com
 
 APP_LOCALE=en
 APP_FALLBACK_LOCALE=en

backend/config/cors.php

@@ -1,23 +0,0 @@
-<?php
-
-$defaultAllowedOrigins = implode(',', [
-    'http://localhost:5173',
-    'https://rabbigerzi.com',
-    'https://www.rabbigerzi.com',
-]);
-
-$allowedOrigins = array_values(array_filter(array_map(
-    'trim',
-    explode(',', (string) env('CORS_ALLOWED_ORIGINS', $defaultAllowedOrigins))
-)));
-
-return [
-    'paths' => ['login', 'logout', 'me'],
-    'allowed_methods' => ['GET', 'POST', 'OPTIONS'],
-    'allowed_origins' => $allowedOrigins,
-    'allowed_origins_patterns' => [],
-    'allowed_headers' => ['Content-Type', 'X-Requested-With', 'Accept', 'Origin'],
-    'exposed_headers' => [],
-    'max_age' => 0,
-    'supports_credentials' => true,
-];

backend/tests/Feature/CorsTest.php

@@ -1,24 +0,0 @@
-<?php
-
-namespace Tests\Feature;
-
-use Tests\TestCase;
-
-class CorsTest extends TestCase
-{
-    public function testAllowsProductionFrontendPreflight(): void
-    {
-        $response = $this->withHeaders([
-            'Origin' => 'https://rabbigerzi.com',
-            'Access-Control-Request-Method' => 'POST',
-            'Access-Control-Request-Headers' => 'content-type',
-        ])->options('/login');
-
-        $response->assertNoContent();
-        $response->assertHeader(
-            'Access-Control-Allow-Origin',
-            'https://rabbigerzi.com'
-        );
-        $response->assertHeader('Access-Control-Allow-Credentials', 'true');
-    }
-}