From abd93d31e3676c0481716501a12f708e35a2c1e9 Mon Sep 17 00:00:00 2001
From: Hillel Coren <hillelcoren@gmail.com>
Date: Mon, 6 Mar 2017 11:25:01 +0200
Subject: [PATCH] Add CORS support for buy now buttons

---
 app/Http/Kernel.php          |  1 +
 app/Http/Middleware/Cors.php | 22 ++++++++++++++++++++++
 app/Http/routes.php          |  5 ++++-
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 app/Http/Middleware/Cors.php

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 46a45d9ca6d6..995fc8298d40 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -34,5 +34,6 @@ class Kernel extends HttpKernel
         'permissions.required' => 'App\Http\Middleware\PermissionsRequired',
         'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
         'api' => 'App\Http\Middleware\ApiCheck',
+        'cors' => '\App\Http\Middleware\Cors',
     ];
 }
diff --git a/app/Http/Middleware/Cors.php b/app/Http/Middleware/Cors.php
new file mode 100644
index 000000000000..f7248cdd42ab
--- /dev/null
+++ b/app/Http/Middleware/Cors.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class Cors
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure  $next
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        return $next($request)
+            ->header('Access-Control-Allow-Origin', '*')
+            ->header('Access-Control-Allow-Methods', 'GET, POST');
+    }
+}
diff --git a/app/Http/routes.php b/app/Http/routes.php
index 04d17603ee25..87d9b65fe75d 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -71,7 +71,10 @@ Route::post('signup/submit', 'AccountController@submitSignup');
 
 Route::get('/auth/{provider}', 'Auth\AuthController@authLogin');
 Route::get('/auth_unlink', 'Auth\AuthController@authUnlink');
-Route::match(['GET', 'POST'], '/buy_now/{gateway_type?}', 'OnlinePaymentController@handleBuyNow');
+
+Route::group(['middleware' => 'cors'], function () {
+    Route::match(['GET', 'POST'], '/buy_now/{gateway_type?}', 'OnlinePaymentController@handleBuyNow');
+});
 
 Route::post('/hook/email_bounced', 'AppController@emailBounced');
 Route::post('/hook/email_opened', 'AppController@emailOpened');