better CORS handling (#977)

RELEASENOTES.md

@@ -2,7 +2,8 @@
 
 ### 4.3.2 (UNRELEASED)
 * Fixes some admin logins for BMLT users with special characters. [#973]
-* Fixes validation for when there is no phone number set for volunteers on the Admin interface [#975]
+* Fixes validation for when there is no phone number set for volunteers on the Admin interface. [#975]
+* Improvements for CORS handling.
 
 ### 4.3.1 (March 19, 2024)
 * Fixes for call blasting and post call handling. [#960]

app/Http/Kernel.php

@@ -16,6 +16,7 @@ class Kernel extends HttpKernel
     protected $middleware = [
 //        \App\Http\Middleware\TrustHosts::class,
         \App\Http\Middleware\TrustProxies::class,
+        \Illuminate\Http\Middleware\HandleCors::class,
         \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
         \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
         \App\Http\Middleware\TrimStrings::class,

config/cors.php

@@ -15,7 +15,7 @@
     |
     */
 
-    'paths' => ['api/*'],
+    'paths' => ['*'],
 
     'allowed_methods' => ['*'],
 

tests/Feature/UpgradeAdvisorTest.php

@@ -51,6 +51,16 @@
         ->assertSeeText(sprintf("bro({\"version\":\"%s\"})", $settings->version()), false);
 })->with(['GET', 'POST']);
 
+test('version test check cors headers', function ($method) {
+    $settings = new SettingsService();
+    app()->instance(SettingsService::class, $settings);
+    $response = $this->call($method, '/version');
+    $response
+        ->assertStatus(200)
+        ->assertHeader("Access-Control-Allow-Origin", "*")
+        ->assertSeeText(sprintf("{\"version\":\"%s\"}", $settings->version()), false);
+})->with(['GET', 'POST']);
+
 test('test with misconfigured phone number', function ($method) {
     $misconfiguredNumber = "+18889822614";
     $settingsService = new SettingsService();