commit 1fb4480c9096ab74afcfd0ed337001dc6607b4ba
Author: smarcet
Date: Mon Oct 19 21:35:30 2020 -0300

Updated CORS middleware

Change-Id: Icedcd22e6e73d304583e682647931f85b761a7f8
Signed-off-by: smarcet

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index dbaefe4..6f54d3d 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -19,7 +19,7 @@ class Kernel extends HttpKernel
 \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
 \Illuminate\Session\Middleware\StartSession::class,
 \Illuminate\View\Middleware\ShareErrorsFromSession::class,
- \App\Http\Middleware\CORSMiddleware::class,
+ \Spatie\Cors\Cors::class,
 \App\Http\Middleware\SecurityHTTPHeadersWriterMiddleware::class,
 \App\Http\Middleware\ParseMultipartFormDataInputForNonPostRequests::class,
 ];
diff --git a/composer.json b/composer.json
index 545fc7a..d5a42db 100644
--- a/composer.json
+++ b/composer.json
@@ -45,6 +45,7 @@
 "smarcet/outlook-rest-client": "dev-master",
 "sokil/php-isocodes": "^3.0",
 "spatie/flysystem-dropbox": "^1.2",
+ "spatie/laravel-cors": "^1.6",
 "stripe/stripe-php": "^6.37",
 "symfony/yaml": "4.2.2",
 "tecnickcom/tcpdf": "^6.2"
diff --git a/composer.lock b/composer.lock
index 8288e5a..82f9c77 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "content-hash": "2d35492694cc690aadba8344d827c267", + "content-hash": "2569063edd25c9e3e29d56309138520c", "packages": [ { "name": "bacon/bacon-qr-code",
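Review bot: `\Spatie\Cors\Cors::class` takes the slot the old `CORSMiddleware` held, but the array it sits in (its key is above the hunk) is listed next to StartSession and ShareErrorsFromSession, which looks like a route-group list rather than the global `$middleware` stack; if so, OPTIONS preflights for routes outside that group never reach the CORS middleware, so confirm this is the list the package expects. Nothing else in the diff removes `App\Http\Middleware\CORSMiddleware` or the `CORS_*` env keys it read (visible on the old side of config/cors.php), so the class and its settings may now be dead code worth deleting in the same change. The enclosing class and array start before the hunk.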
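Review bot: The lock metadata added later in this diff records `spatie/laravel-cors` 1.6.0 with `"abandoned": "laravel/framework"`, so the dependency introduced here will not receive further fixes, and its `illuminate/support` constraint tops out at `^6.0`, which ties the application to that framework line. A short comment next to the requirement, or a line in the commit message, naming the replacement the lock points to would keep the next framework upgrade from stalling on this package.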
@@ -4421,6 +4421,66 @@ "time": "2019-12-04T08:18:17+00:00" }, { + "name": "spatie/laravel-cors", + "version": "1.6.0", + "source": { + "type": "git", + "url": "https://github.com/spatie/laravel-cors.git", + "reference": "d74099d57821d5a72ae21416c0be0dcd58779355" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/spatie/laravel-cors/zipball/d74099d57821d5a72ae21416c0be0dcd58779355", + "reference": "d74099d57821d5a72ae21416c0be0dcd58779355", + "shasum": "" + }, + "require": { + "illuminate/support": "5.5.*|5.6.*|5.7.*|5.8.*|^6.0", + "php": "^7.2" + }, + "require-dev": { + "orchestra/testbench": "3.5.*|3.6.*|3.7.*|3.8.*|^4.0", + "phpunit/phpunit": "^8.0" + }, + "type": "library", + "extra": { + "laravel": { + "providers": [ + "Spatie\\Cors\\CorsServiceProvider" + ] + } + }, + "autoload": { + "psr-4": { + "Spatie\\Cors\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Freek Van der Herten", + "email": "freek@spatie.be", + "homepage": "https://spatie.be", + "role": "Developer" + } + ], + "description": "Send CORS headers in a Laravel or Lumen application", + "homepage": "https://github.com/spatie/laravel-cors", + "keywords": [ + "ajax", + "api", + "cors", + "laravel-cors", + "request", + "spatie" + ], + "abandoned": "laravel/framework", + "time": "2019-09-04T06:55:15+00:00" + }, + { "name": "stripe/stripe-php", "version": "v6.43.1", "source": {
diff --git a/config/cors.php b/config/cors.php
index 89f90ea..4c446b5 100644
--- a/config/cors.php
+++ b/config/cors.php
@@ -1,30 +1,63 @@ env('CORS_ALLOWED_HEADERS', 'origin, content-type, accept, authorization, x-requested-with'),
- /**
- * http://www.w3.org/TR/cors/#access-control-allow-methods-response-header
- */
- 'allowed_methods' => env('CORS_ALLOWED_METHODS', 'GET, POST, OPTIONS, PUT, DELETE'),
- 'use_pre_flight_caching' => env('CORS_USE_PRE_FLIGHT_CACHING', true),
- /**
- * http://www.w3.org/TR/cors/#access-control-max-age-response-header
- */
- 'max_age' => env('CORS_MAX_AGE', 3200),
- 'exposed_headers' => env('CORS_EXPOSED_HEADERS', ''),
-);
\ No newline at end of file
+
+return [
+
+ /*
+ * A cors profile determines which origins, methods, headers are allowed for
+ * a given requests. The `DefaultProfile` reads its configuration from this
+ * config file.
+ *
+ * You can easily create your own cors profile.
+ * More info: https://github.com/spatie/laravel-cors/#creating-your-own-cors-profile
+ */
+ 'cors_profile' => Spatie\Cors\CorsProfile\DefaultProfile::class,
+
+ /*
+ * This configuration is used by `DefaultProfile`.
+ */
+ 'default_profile' => [
+
+ 'allow_credentials' => true,
+
+ 'allow_origins' => [
+ '*',
+ ],
+
+ 'allow_methods' => [
+ 'POST',
+ 'GET',
+ 'OPTIONS',
+ 'PUT',
+ 'PATCH',
+ 'DELETE',
+ ],
+
+ 'allow_headers' => [
+ 'Accept',
+ 'Content-Type',
+ 'X-Auth-Token',
+ 'Origin',
+ 'Authorization',
+ 'X-Requested-With',
+ ],
+
+ 'expose_headers' => [
+ 'Cache-Control',
+ 'Content-Language',
+ 'Content-Type',
+ 'Expires',
+ 'Last-Modified',
+ 'Pragma',
+ ],
+
+ 'forbidden_response' => [
+ 'message' => 'Forbidden (cors).',
+ 'status' => 403,
+ ],
+
+ /*
+ * Preflight request will respond with value for the max age header.
+ */
+ 'max_age' => 60 * 60 * 24,
+ ],
+];
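Review bot: `'allow_credentials' => true` is combined with `'allow_origins' => ['*']`, a pairing that is either inert or dangerous depending on how the profile emits the header: if it sends a literal `Access-Control-Allow-Origin: *`, browsers refuse credentialed responses and the flag does nothing, and if it echoes the request's Origin instead, any site can issue cookie-bearing requests to this application and read the responses. The removed side read its values from `CORS_*` env keys while the new side hard-codes everything, so restore an explicit origin list, e.g. `'allow_origins' => explode(',', env('CORS_ALLOWED_ORIGINS', '')),` (key name illustrative), or set `allow_credentials` to `false`. Which of the two behaviours `DefaultProfile` has cannot be seen here and should be checked in the package before merging. The first removed lines of this hunk, including the old file header, are garbled in this view.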