Cors should respect the .env var for CORS domains
This commit is contained in:
+5
-1
@@ -1,10 +1,14 @@
|
||||
<?php
|
||||
|
||||
$allowed_origins = env('CORS_ALLOWED_ORIGINS') !== null ?
|
||||
explode(',', env('CORS_ALLOWED_ORIGINS')) : [];
|
||||
|
||||
|
||||
return [
|
||||
|
||||
'supportsCredentials' => false,
|
||||
|
||||
'allowedOrigins' => ['*'],
|
||||
'allowedOrigins' => $allowed_origins,
|
||||
|
||||
'allowedHeaders' => ['*'],
|
||||
|
||||
|
||||
Reference in New Issue
Block a user