<?php

$defaultAllowedOrigins = implode(',', [
    'http://localhost:5173',
    'https://rabbigerzi.com',
    'https://www.rabbigerzi.com',
]);

$allowedOrigins = array_values(array_filter(array_map(
    'trim',
    explode(',', (string) env('CORS_ALLOWED_ORIGINS', $defaultAllowedOrigins))
)));

return [
    'paths' => ['login', 'logout', 'me'],
    'allowed_methods' => ['GET', 'POST', 'OPTIONS'],
    'allowed_origins' => $allowedOrigins,
    'allowed_origins_patterns' => [],
    'allowed_headers' => ['Content-Type', 'X-Requested-With', 'Accept', 'Origin'],
    'exposed_headers' => [],
    'max_age' => 0,
    'supports_credentials' => true,
];