Skip to content

Commit b14ddb4

Browse files
tanhongittanhongit
committed
feat: implement SimpleCorsMiddleware for enhanced CORS handling across API routes
1 parent ce37dbe commit b14ddb4

File tree

3 files changed

+40
-178
lines changed

3 files changed

+40
-178
lines changed

routes/blog-api.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@
2525

2626
$routePrefix = config('blog-api.defaults.route_prefix');
2727

28-
Route::prefix($routePrefix)->name("$routePrefix.")->middleware('api')->group(function () {
28+
Route::prefix($routePrefix)->name("$routePrefix.")->middleware(\CSlant\Blog\Api\Http\Middlewares\SimpleCorsMiddleware::class)->group(function () {
2929
Route::get('/', fn () => response()->json(['message' => 'Welcome to CSlant Blog API']));
3030

3131
Route::get('search', [PostController::class, 'getSearch']);

src/Http/Middlewares/CorsMiddleware.php

Lines changed: 0 additions & 177 deletions
This file was deleted.

src/Http/Middlewares/SimpleCorsMiddleware.php

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,39 @@
1+
<?php
2+
3+
namespace CSlant\Blog\Api\Http\Middlewares;
4+
5+
use Closure;
6+
use Illuminate\Http\Request;
7+
use Symfony\Component\HttpFoundation\Response;
8+
9+
class SimpleCorsMiddleware
10+
{
11+
/**
12+
* Handle an incoming request.
13+
*/
14+
public function handle(Request $request, Closure $next): Response
15+
{
16+
// Simple: allow all origins
17+
$origin = $request->headers->get('Origin', '*');
18+
19+
// Handle preflight OPTIONS request
20+
if ($request->getMethod() === 'OPTIONS') {
21+
return response('', 200)
22+
->header('Access-Control-Allow-Origin', $origin)
23+
->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS, PATCH')
24+
->header('Access-Control-Allow-Headers', 'Accept, Authorization, Content-Type, X-Requested-With, X-CSRF-TOKEN, X-XSRF-TOKEN, Origin')
25+
->header('Access-Control-Allow-Credentials', 'true')
26+
->header('Access-Control-Max-Age', '86400');
27+
}
28+
29+
$response = $next($request);
30+
31+
// Add CORS headers to response
32+
$response->headers->set('Access-Control-Allow-Origin', $origin);
33+
$response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS, PATCH');
34+
$response->headers->set('Access-Control-Allow-Headers', 'Accept, Authorization, Content-Type, X-Requested-With, X-CSRF-TOKEN, X-XSRF-TOKEN, Origin');
35+
$response->headers->set('Access-Control-Allow-Credentials', 'true');
36+
37+
return $response;
38+
}
39+
}

0 commit comments

Comments
 (0)