31 lines
637 B
PHP
31 lines
637 B
PHP
<?php
|
|
|
|
return [
|
|
|
|
'paths' => [
|
|
'api/*',
|
|
'oauth/*', // Laravel Passport routes
|
|
'sanctum/csrf-cookie',
|
|
'storage/*',
|
|
],
|
|
|
|
'allowed_methods' => ['*'],
|
|
|
|
// Replace * with specific domains in production
|
|
'allowed_origins' => ['*'], // e.g., ['https://your-frontend.com']
|
|
|
|
'allowed_origins_patterns' => [],
|
|
|
|
'allowed_headers' => ['*'],
|
|
|
|
'exposed_headers' => [
|
|
'Authorization', // So frontend can read access token from headers (if needed)
|
|
'X-CSRF-TOKEN',
|
|
],
|
|
|
|
'max_age' => 0,
|
|
|
|
'supports_credentials' => true, // Needed for cookie or session-based auth
|
|
|
|
];
|