Fix API reliability and CORS config for hosted deployment

2026-02-22 01:17:35 +03:00
--- a/config/cors.php
+++ b/config/cors.php
@@ -0,0 +1,27 @@
+<?php
+
+$allowedOrigins = array_values(array_filter(array_map(
+    static fn ($origin) => trim($origin),
+    explode(',', (string) env('CORS_ALLOWED_ORIGINS', 'https://tabeleymvp2-8b111c91640a.hosted.ghaymah.systems'))
+)));
+
+return [
+    'paths' => ['api/*', 'sanctum/csrf-cookie'],
+
+    'allowed_methods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
+
+    'allowed_origins' => $allowedOrigins,
+
+    'allowed_origins_patterns' => [
+        '#^http://localhost(:\d+)?$#',
+        '#^http://127\.0\.0\.1(:\d+)?$#',
+    ],
+
+    'allowed_headers' => ['*'],
+
+    'exposed_headers' => [],
+
+    'max_age' => 0,
+
+    'supports_credentials' => false,
+];