From 4c0c770c5658b6f5eae00f806a87db5ebcf12138 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 2 Jun 2021 13:14:40 +1000
Subject: [PATCH] Fixes for CORS
---
app/Http/Kernel.php | 6 ++----
app/Http/Middleware/Cors.php | 26 ++++++++++++-------------
app/Http/Middleware/SetDomainNameDb.php | 1 +
config/session.php | 2 +-
4 files changed, 17 insertions(+), 18 deletions(-)
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 974ce1a01800..db4c3039172d 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -65,12 +65,12 @@ class Kernel extends HttpKernel
* @var array
*/
protected $middleware = [
- \Fruitcake\Cors\HandleCors::class,
CheckForMaintenanceMode::class,
ValidatePostSize::class,
TrimStrings::class,
ConvertEmptyStringsToNull::class,
TrustProxies::class,
+ // \Fruitcake\Cors\HandleCors::class,
Cors::class,
];
@@ -105,6 +105,7 @@ class Kernel extends HttpKernel
EncryptCookies::class,
AddQueuedCookiesToResponse::class,
StartSession::class,
+ // \Illuminate\Session\Middleware\AuthenticateSession::class,
ShareErrorsFromSession::class,
VerifyCsrfToken::class,
SubstituteBindings::class,
@@ -162,9 +163,6 @@ class Kernel extends HttpKernel
protected $middlewarePriority = [
Cors::class,
- AddQueuedCookiesToResponse::class,
- VerifyCsrfToken::class,
- StartSession::class,
SetDomainNameDb::class,
SetDb::class,
SetWebDb::class,
diff --git a/app/Http/Middleware/Cors.php b/app/Http/Middleware/Cors.php
index 70f211ead87e..fbeb6e892e6a 100644
--- a/app/Http/Middleware/Cors.php
+++ b/app/Http/Middleware/Cors.php
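Review bot: The added `// \Fruitcake\Cors\HandleCors::class,` entry in `$middleware` is commented-out code; the commit makes the app's own `Cors::class` the only CORS handler, so the dead entry should be deleted rather than parked, and the fruitcake/cors package and its `config/cors.php` are presumably now unused as well (not visible here — confirm before removing). If the point is to record why the package was dropped, a one-line why-comment carries that better than dead code, e.g. `// CORS is handled by App\Http\Middleware\Cors; fruitcake/cors was removed because it did not cover the preflight/API-header cases we need.` The `$middleware` array closes inside the hunk; the class continues past it.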
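Review bot: `Cors::class` is kept at the head of `$middlewarePriority`, but the same class is registered as a global middleware in `$middleware` above, and Laravel's priority list only orders middleware that is attached to routes and groups, so this entry appears to have no effect unless `Cors` is also attached to a group elsewhere (not visible here). Dropping `VerifyCsrfToken` and `StartSession` from the list means they now follow the `web` group order, where `StartSession` runs before `VerifyCsrfToken`, which is presumably the order the CSRF check needs since the token lives in the session; a short comment would stop the next person re-adding them in the old order, e.g. `// Only the Set*Db ordering is pinned here; session/CSRF keep the web-group order.` The array continues past the hunk.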
@@ -10,24 +10,24 @@ class Cors
{
public function handle($request, Closure $next)
{
- // if ($request->getMethod() == 'OPTIONS') {
- // header('Access-Control-Allow-Origin: *');
+ if ($request->getMethod() == 'OPTIONS') {
+ header('Access-Control-Allow-Origin: *');
- // // ALLOW OPTIONS METHOD
- // $headers = [
- // 'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
- // 'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
- // ];
+ // ALLOW OPTIONS METHOD
+ $headers = [
+ 'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
+ 'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
+ ];
- // return Response::make('OK', 200, $headers);
- // }
+ return Response::make('OK', 200, $headers);
+ }
$response = $next($request);
- // $response->headers->set('Access-Control-Allow-Origin', '*');
- // $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
- // $response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
- // $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
+ $response->headers->set('Access-Control-Allow-Origin', '*');
+ $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+ $response->headers->set('Access-Control-Allow-Headers', 
'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
+ $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
$response->headers->set('X-APP-VERSION', config('ninja.app_version'));
$response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));
diff --git a/app/Http/Middleware/SetDomainNameDb.php b/app/Http/Middleware/SetDomainNameDb.php
index 09366e939d3e..1e2b6a34ab7e 100644
--- a/app/Http/Middleware/SetDomainNameDb.php
+++ b/app/Http/Middleware/SetDomainNameDb.php
@@ -86,6 +86,7 @@ class SetDomainNameDb
}
+ config(['app.url' => $request->getSchemeAndHttpHost()]);
return $next($request);
}
diff --git a/config/session.php b/config/session.php
index 571c90ad7ec7..4e0f66cda64c 100644
--- a/config/session.php
+++ b/config/session.php
@@ -196,6 +196,6 @@ return [
|
*/
- 'same_site' => 'none',
+ 'same_site' => 'lax',
];
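Review bot: `Access-Control-Allow-Origin: *` is now emitted on every response, including those of session-cookie routes, and that is only safe because no `Access-Control-Allow-Credentials` header is ever set, so a cross-origin page cannot read a cookie-authenticated response; pin that invariant with a comment next to the `Allow-Origin` line, e.g. `// Wildcard origin is deliberate: API auth is header-token based. Never echo the request Origin back together with Access-Control-Allow-Credentials, or any site could read session-authenticated responses.` The preflight branch also sets Allow-Origin through raw `header()` while every other header goes through `Response::make()`, so that one header bypasses the Response object (invisible to HTTP tests, and lost if a later `header_remove()` or output-buffer reset intervenes); move it into the array as `'Access-Control-Allow-Origin' => '*',`. An `'Access-Control-Max-Age' => '86400',` entry in the same array would spare clients a preflight round-trip per request, and the two `Allow-Headers` lists already differ (`X-CLIENT-VERSION` is only in the preflight one), which a single shared constant would prevent. `handle()` returns `$response` past the end of the hunk.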
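Review bot: The new `config(['app.url' => $request->getSchemeAndHttpHost()]);` lets the client choose `app.url`: `getSchemeAndHttpHost()` is built from the `Host` header (and `X-Forwarded-Host`/`X-Forwarded-Proto` when TrustProxies accepts them), so a request carrying a forged Host makes every absolute URL generated afterwards — `url()`, signed and temporary routes, links in mail queued during the request — point at an attacker-controlled host, the classic host-header poisoning used against password-reset and invoice links. It also sits after the closing `}` of the preceding block and runs unconditionally, so it presumably applies even when the domain lookup earlier in `handle()` matched nothing (the start of `handle()` is outside the hunk — confirm). Only set `app.url` inside the branch where the domain was actually resolved, and build it from the stored host value rather than from the request, or at minimum check `$request->getHost()` against a configured allowlist before trusting it; a why-comment such as `// app.url must follow the validated tenant host, never the raw Host header` would record the intent.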
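Review bot: Switching `same_site` from `none` to `lax` means the session cookie is no longer sent on cross-site POSTs or inside third-party iframes, so any flow that embedded the app cross-site and relied on the previous `none` setting will now silently lose its session and fail the CSRF check; `lax` is the safer default, but that trade-off is worth recording in the comment block above the key, e.g. `| 'lax' is intentional: cross-site clients must authenticate with API headers, not the session cookie.` If `none` is ever needed again it only works together with `'secure' => true` (that key is outside this hunk), otherwise browsers drop the cookie entirely.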