withHeaders([ 'Origin' => 'https://rabbigerzi.com', 'Access-Control-Request-Method' => 'POST', 'Access-Control-Request-Headers' => 'content-type', ])->options('/api/login'); $response->assertNoContent(); $response->assertHeader( 'Access-Control-Allow-Origin', 'https://rabbigerzi.com' ); $response->assertHeader('Access-Control-Allow-Credentials', 'true'); } public function testAllowsPatchPreflight(): void { $response = $this->withHeaders([ 'Origin' => 'http://localhost:5173', 'Access-Control-Request-Method' => 'PATCH', 'Access-Control-Request-Headers' => 'content-type', ])->options('/api/elements/1'); $response->assertNoContent(); $response->assertHeader( 'Access-Control-Allow-Origin', 'http://localhost:5173' ); $this->assertStringContainsString( 'PATCH', $response->headers->get('Access-Control-Allow-Methods') ); } }