'*', 'Access-Control-Allow-Methods' => 'GET,POST,PUT,PATCH,DELETE,OPTIONS', 'Access-Control-Allow-Headers' => 'Content-Type,Authorization,Token,X-Requested-With,X-API-Key,X-Timestamp,X-Sign', 'Access-Control-Max-Age' => 1800, ]; if ($request->method() == 'OPTIONS') { return response('', 204)->header($header); } $response = $next($request); $response->header($header); return $response; } }