['/api/client', '/api/application', '/api/client/*', '/api/application/*', '/api/servers', '/api/system'], /* * Matches the request method. `['*']` allows all methods. */ 'allowed_methods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD'], /* * Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com` */ 'allowed_origins' => explode(',', env('APP_CORS_ALLOWED_ORIGINS') ?? ''), /* * Patterns that can be used with `preg_match` to match the origin. */ 'allowed_origins_patterns' => [], /* * Sets the Access-Control-Allow-Headers response header. `['*']` allows all headers. */ 'allowed_headers' => ['*'], /* * Sets the Access-Control-Expose-Headers response header with these headers. */ 'exposed_headers' => [], /* * Sets the Access-Control-Max-Age response header when > 0. */ 'max_age' => 0, /* * Sets the Access-Control-Allow-Credentials header. */ 'supports_credentials' => true, ];