Fixes CORS headers. Closes #3413

app/Http/Kernel.php

@@ -24,6 +24,7 @@ use CachetHQ\Cachet\Http\Middleware\TrustProxies;
 use Illuminate\Auth\Middleware\Authorize;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
 use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
+use Barryvdh\Cors\HandleCors;
 
 class Kernel extends HttpKernel
 {
@@ -33,8 +34,8 @@ class Kernel extends HttpKernel
      * @var array
      */
     protected $middleware = [
-        TrustProxies::class,
-        CheckForMaintenanceMode::class,
+        // TrustProxies::class,
+        // CheckForMaintenanceMode::class,
     ];
 
     /**
@@ -45,6 +46,7 @@ class Kernel extends HttpKernel
     protected $routeMiddleware = [
         'admin'       => Admin::class,
         'can'         => Authorize::class,
+        'cors'        => HandleCors::class,
         'auth'        => Authenticate::class,
         'auth.api'    => ApiAuthentication::class,
         'guest'       => RedirectIfAuthenticated::class,

app/Http/Middleware/VerifyCsrfToken.php

@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file is part of Cachet.
+ *
+ * (c) Alt Three Services Limited
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace CachetHQ\Cachet\Http\Middleware;
+
+use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
+
+class VerifyCsrfToken extends Middleware
+{
+    /**
+     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
+     *
+     * @var bool
+     */
+    protected $addHttpCookie = true;
+
+    /**
+     * The URIs that should be excluded from CSRF verification.
+     *
+     * @var array
+     */
+    protected $except = [
+        '/api/*'
+    ];
+}

app/Http/Routes/ApiRoutes.php

@@ -40,7 +40,7 @@ class ApiRoutes
             'namespace'  => 'Api',
             'prefix'     => 'api/v1',
         ], function (Registrar $router) {
-            $router->group(['middleware' => ['auth.api']], function (Registrar $router) {
+            $router->group(['middleware' => ['auth.api', 'cors']], function (Registrar $router) {
                 $router->get('components', 'ComponentController@index');
                 $router->get('components/groups', 'ComponentGroupController@index');
                 $router->get('components/groups/{component_group}', 'ComponentGroupController@show');