From 62a616fbdc28751f6fffc26a24dd618c74a9e21b Mon Sep 17 00:00:00 2001 From: David Bomba Date: Wed, 13 Nov 2019 22:36:39 +1100 Subject: [PATCH] Fixes for CORS (#3066) * fix regression in company name * HasOneThrough for company user * Validation rules for contact email addresses * Force a blank contact if no contacts passed in client * Fixes for COR --- app/Http/Kernel.php | 2 +- app/Http/Middleware/Cors.php | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php index 49ab2a4786d2..9e89969cf25a 100644 --- a/app/Http/Kernel.php +++ b/app/Http/Kernel.php @@ -29,6 +29,7 @@ class Kernel extends HttpKernel \App\Http\Middleware\TrimStrings::class, \Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class, \App\Http\Middleware\TrustProxies::class, + \App\Http\Middleware\Cors::class, ]; /** @@ -108,6 +109,5 @@ class Kernel extends HttpKernel 'password_protected' => \App\Http\Middleware\PasswordProtection::class, 'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class, 'portal_enabled' => \App\Http\Middleware\ClientPortalEnabled::class, - 'cors' => \App\Http\Middleware\Cors::class, ]; } diff --git a/app/Http/Middleware/Cors.php b/app/Http/Middleware/Cors.php index 543f4a747eb2..1a2e11a380e5 100644 --- a/app/Http/Middleware/Cors.php +++ b/app/Http/Middleware/Cors.php @@ -3,6 +3,7 @@ namespace App\Http\Middleware; use Closure; +use Illuminate\Http\Response; class Cors { 
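Review bot: Registering `\App\Http\Middleware\Cors::class` in the global `$middleware` stack applies the wildcard `Access-Control-Allow-Origin: *` and the OPTIONS short-circuit to every route, web and API alike, whereas the removed `cors` alias let individual routes opt in. If only the API needs cross-origin access, the narrower placement is the `api` entry of `$middlewareGroups`, which keeps the portal and other web routes on the same-origin default. Either way a short comment on the new line stating why it is global, e.g. `// CORS for all routes: preflight is answered before routing (see Cors::handle)`, would save the next reader from re-deriving it. Separately, the preflight branch that now runs for every request returns via `Response::make()` on `Illuminate\Http\Response`, which as far as I can tell has no static `make()` (that lives on the `Response` facade / `ResponseFactory`), so it is worth confirming that an OPTIONS request really gets the 200 rather than an undefined-method error.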
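Review bot: Dropping the `'cors'` entry from `$routeMiddleware` will break any route or group that still calls `->middleware('cors')`, because Laravel then tries to resolve `cors` as a class name and fails when that route is hit rather than at boot. The routes files are not part of this commit, so confirm no references remain before merging; a search for `'cors'` under the routes directory is enough. If any are found, keeping the alias alongside the global registration is harmless, since the second pass only re-sets the same headers.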
@@ -10,10 +11,25 @@ class Cors public function handle($request, Closure $next) { + if($request->getMethod() == "OPTIONS") { + header("Access-Control-Allow-Origin: *"); + + // ALLOW OPTIONS METHOD + $headers = [ + 'Access-Control-Allow-Methods'=> 'POST, GET, OPTIONS, PUT, DELETE', + 'Access-Control-Allow-Headers'=> 'X-API-SECRET,X-API-TOKEN,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' + ]; + + return Response::make('OK', 200, $headers); + + } + + + return $next($request) ->header('Access-Control-Allow-Origin', '*') ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS') - ->header('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, X-Token-Auth, X-API-TOKEN, X-API-SECRET'); + ->header('Access-Control-Allow-Headers', 'X-API-SECRET,X-API-TOKEN,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range'); }