Fixes for CORS

app/Http/Kernel.php

@@ -65,12 +65,12 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $middleware = [
-        \Fruitcake\Cors\HandleCors::class,
         CheckForMaintenanceMode::class,
         ValidatePostSize::class,
         TrimStrings::class,
         ConvertEmptyStringsToNull::class,
         TrustProxies::class,
+        // \Fruitcake\Cors\HandleCors::class,
         Cors::class,
 
     ];
@@ -105,6 +105,7 @@ class Kernel extends HttpKernel
             EncryptCookies::class,
             AddQueuedCookiesToResponse::class,
             StartSession::class,
+            // \Illuminate\Session\Middleware\AuthenticateSession::class,
             ShareErrorsFromSession::class,
             VerifyCsrfToken::class,
             SubstituteBindings::class,
@@ -162,9 +163,6 @@ class Kernel extends HttpKernel
 
     protected $middlewarePriority = [
         Cors::class,
-        AddQueuedCookiesToResponse::class,
-        VerifyCsrfToken::class,
-        StartSession::class,
         SetDomainNameDb::class,
         SetDb::class,
         SetWebDb::class,

app/Http/Middleware/Cors.php

@@ -10,24 +10,24 @@ class Cors
 {
     public function handle($request, Closure $next)
     {
-        // if ($request->getMethod() == 'OPTIONS') {
+        if ($request->getMethod() == 'OPTIONS') {
-        //     header('Access-Control-Allow-Origin: *');
+            header('Access-Control-Allow-Origin: *');
 
-        //     // ALLOW OPTIONS METHOD
+            // ALLOW OPTIONS METHOD
-        //     $headers = [
+            $headers = [
-        //         'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
+                'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE',
-        //         'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
+                'Access-Control-Allow-Headers'=> 'X-API-COMPANY-KEY,X-CLIENT-VERSION,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE',
-        //     ];
+            ];
 
-        //     return Response::make('OK', 200, $headers);
+            return Response::make('OK', 200, $headers);
-        // }
+        }
 
         $response = $next($request);
 
-        // $response->headers->set('Access-Control-Allow-Origin', '*');
+        $response->headers->set('Access-Control-Allow-Origin', '*');
-        // $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+        $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
-        // $response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
+        $response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-XSRF-TOKEN,X-LIVEWIRE');
-        // $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
+        $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
         $response->headers->set('X-APP-VERSION', config('ninja.app_version'));
         $response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));
 

app/Http/Middleware/SetDomainNameDb.php

@@ -86,6 +86,7 @@ class SetDomainNameDb
 
         }
 
+        config(['app.url' => $request->getSchemeAndHttpHost()]);
 
         return $next($request);
     }

config/session.php

@@ -196,6 +196,6 @@ return [
     |
     */
 
-    'same_site' => 'none',
+    'same_site' => 'lax',
 
 ];