From d5514631528c2325cc49739eb1adc26c44390ee7 Mon Sep 17 00:00:00 2001
From: Danny Gershman
Date: Wed, 20 Mar 2024 21:50:32 -0400
Subject: [PATCH] better CORS handling (#977)
---
 RELEASENOTES.md | 3 ++-
 app/Http/Kernel.php | 1 +
 config/cors.php | 2 +-
 tests/Feature/UpgradeAdvisorTest.php | 10 ++++++++++
 4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
index 573b620c7..55de11b0a 100644
--- a/RELEASENOTES.md
+++ b/RELEASENOTES.md
@@ -2,7 +2,8 @@
 ### 4.3.2 (UNRELEASED)
 * Fixes some admin logins for BMLT users with special characters. [#973]
-* Fixes validation for when there is no phone number set for volunteers on the Admin interface [#975]
+* Fixes validation for when there is no phone number set for volunteers on the Admin interface. [#975]
+* Improvements for CORS handling.
 ### 4.3.1 (March 19, 2024)
 * Fixes for call blasting and post call handling. [#960]
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index d5cf7bee6..06295516e 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -16,6 +16,7 @@ class Kernel extends HttpKernel
 protected $middleware = [
 // \App\Http\Middleware\TrustHosts::class,
 \App\Http\Middleware\TrustProxies::class,
+ \Illuminate\Http\Middleware\HandleCors::class,
 \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
 \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
 \App\Http\Middleware\TrimStrings::class,
diff --git a/config/cors.php b/config/cors.php
index 558369dca..005e772d5 100644
--- a/config/cors.php
+++ b/config/cors.php
@@ -15,7 +15,7 @@
 |
 */
- 'paths' => ['api/*'],
+ 'paths' => ['*'],
 'allowed_methods' => ['*'],
diff --git a/tests/Feature/UpgradeAdvisorTest.php b/tests/Feature/UpgradeAdvisorTest.php
index ab4f3dd8a..ec1b63d23 100644
--- a/tests/Feature/UpgradeAdvisorTest.php
+++ b/tests/Feature/UpgradeAdvisorTest.php
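Review bot: In config/cors.php, `'paths' => ['*']` applies the CORS policy to every route, the admin interface included, which is far wider than the `/version` case the new test covers. The allowed-origins and `supports_credentials` settings are outside this hunk, but the test expects `Access-Control-Allow-Origin: *`, so it looks like any response served without a session cookie becomes readable by script on any website. I would list only the routes that need cross-origin access, for example `'paths' => ['api/*', 'version'],`, and put a comment above it: `// Keep supports_credentials false while allowed_origins is ['*'].` Registering `HandleCors` in the global stack in Kernel.php is fine on its own; the exposure comes from the path pattern.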
@@ -51,6 +51,16 @@
 ->assertSeeText(sprintf("bro({\"version\":\"%s\"})", $settings->version()), false);
 })->with(['GET', 'POST']);
+test('version test check cors headers', function ($method) {
+ $settings = new SettingsService();
+ app()->instance(SettingsService::class, $settings);
+ $response = $this->call($method, '/version');
+ $response
+ ->assertStatus(200)
+ ->assertHeader("Access-Control-Allow-Origin", "*")
+ ->assertSeeText(sprintf("{\"version\":\"%s\"}", $settings->version()), false);
+})->with(['GET', 'POST']);
+
 test('test with misconfigured phone number', function ($method) {
 $misconfiguredNumber = "+18889822614";
 $settingsService = new SettingsService();
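Review bot: The new test pins only the permissive side of the policy: it asserts `Access-Control-Allow-Origin: *` on `/version` and nothing about credentials. Because the cors.php change in this commit extends the policy to every path, I would add `->assertHeaderMissing("Access-Control-Allow-Credentials")` to the assertion chain, so a later config change cannot quietly pair a wildcard origin with credentialed requests. The request is also sent without an `Origin` header, so a second case that sets one (and an `OPTIONS` preflight) would cover what browsers actually send.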