withHeader('Access-Control-Allow-Origin', '*') ->withHeader('Access-Control-Allow-Credentials', 'true') ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, DELETE, OPTIONS') ->withHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, X-CSRF-TOKEN, X-Requested-With'); Context::set(ResponseInterface::class, $response); if ($request->getMethod() == 'OPTIONS') { return $response; } return $handler->handle($request); } }