From 24b7cb75095de6be09fcbc2f735ae8e767f767e8 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 2 Jun 2021 10:18:42 +1000
Subject: [PATCH 1/2] Fixes for CORS
---
 app/Http/Kernel.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 50a82e8992aa..2559cb6bcada 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -125,6 +125,7 @@ class Kernel extends HttpKernel
 ShareErrorsFromSession::class,
 SubstituteBindings::class,
 QueryLogging::class,
+ VerifyCsrfToken::class,
 ],
 ];
@@ -194,5 +195,6 @@ class Kernel extends HttpKernel
 Locale::class,
 SubstituteBindings::class,
 ContactAccount::class,
+ VerifyCsrfToken::class,
 ];
 }
From 37de17cf383791f39ec7542a06d6286e7e50875a Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 2 Jun 2021 10:48:48 +1000
Subject: [PATCH 2/2] Fixes for CORS
---
 app/Http/Kernel.php | 4 +++-
 app/Http/Middleware/Cors.php | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 2559cb6bcada..08d05edce1ee 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -101,6 +101,7 @@ class Kernel extends HttpKernel
 'throttle:60,1',
 'bindings',
 'query_logging',
+ Cors::class,
 ],
 'client' => [
 EncryptCookies::class,
@@ -111,6 +112,7 @@ class Kernel extends HttpKernel
 VerifyCsrfToken::class,
 SubstituteBindings::class,
 QueryLogging::class,
+ Cors::class,
 ],
 'shop' => [
 'throttle:120,1',
@@ -125,7 +127,7 @@ class Kernel extends HttpKernel
 ShareErrorsFromSession::class,
 SubstituteBindings::class,
 QueryLogging::class,
- VerifyCsrfToken::class,
+ // VerifyCsrfToken::class,
 ],
 ];
diff --git a/app/Http/Middleware/Cors.php b/app/Http/Middleware/Cors.php
index 1291e5ba912e..66de2d22b936 100644
--- a/app/Http/Middleware/Cors.php
+++ b/app/Http/Middleware/Cors.php
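Review bot: VerifyCsrfToken is appended after SubstituteBindings and ContactAccount in the `@@ -194,5 +195,6 @@` hunk, whereas Laravel's default web group runs the CSRF check before binding substitution so that a forged request is rejected before any route-model-binding query executes; move `VerifyCsrfToken::class,` ahead of `SubstituteBindings::class,`. VerifyCsrfToken also compares against the token stored in the session, so this only works if cookie encryption and session start run earlier in this group — those lines are outside the hunk, so confirm they are present, otherwise every non-GET request in the group will be rejected with 419. The enclosing middleware-groups array starts outside the hunk.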
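Review bot: Cors::class is appended after `'throttle:60,1'` in the `@@ -101,6 +101,7 @@` hunk (and after QueryLogging in the `@@ -111,6 +112,7 @@` hunk), so on the inbound pass it runs after the rate limiter; if Cors short-circuits preflight OPTIONS requests (its OPTIONS handling is not part of this diff), those preflights are still counted against the 60-per-minute limit, and a throttled preflight fails the whole cross-origin request. Placing `Cors::class,` first in each group, or in the global middleware stack, is the safer position. The short name also relies on a `use App\Http\Middleware\Cors;` import at the top of Kernel.php, which is outside the hunks; `::class` does not autoload, so a missing import would only surface when a request first hits one of these groups — confirm it is present.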
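Review bot: The replacement line `+ // VerifyCsrfToken::class,` in the `@@ -125,7 +127,7 @@` hunk leaves commented-out code in a middleware list; patch 1 of this series added the very same line, so across the series the net change is nothing and the cleaner form is to drop the line entirely. What is worth recording instead is why the check is absent: ShareErrorsFromSession in the context lines shows this group is session-backed, so its state-changing routes run without CSRF verification, and the subject line suggests that was deliberate because the check was blocking cross-origin clients. If so, replace the dead line with a short why-comment such as `// VerifyCsrfToken intentionally omitted: cross-origin clients cannot present the session CSRF token` so the next maintainer does not silently re-add or rely on it. The enclosing array continues outside the hunk.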
@@ -25,6 +25,7 @@ class Cors
 $response = $next($request);
 $response->headers->set('Access-Control-Allow-Origin', '*');
+ $response->headers->set('Access-Control-Allow-Credentials', 'True');
 $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
 $response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-LIVEWIRE');
 $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
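Review bot: The added `Access-Control-Allow-Credentials` header cannot take effect next to the `Access-Control-Allow-Origin: *` set on the line above it: browsers reject a credentialed response whose allowed origin is the wildcard, and the Fetch spec compares the credentials value byte-for-byte against lowercase `true`, so `'True'` is not accepted even once a concrete origin is sent. If credentialed cross-origin calls are genuinely required, the response has to name the caller's origin from an explicit allow-list rather than `*` — reflecting whatever `Origin` arrives while credentials are enabled would let any site make cookie-authenticated requests — together with `Vary: Origin`, and the value should be `$response->headers->set('Access-Control-Allow-Credentials', 'true');`. If they are not required, drop the line; the Kernel hunks in this series appear to attach this middleware to the cookie-based 'client' group, where an eventual origin reflection would matter most. The handle() method enclosing these lines starts and ends outside the hunk.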