Fixes #628 - Handle Cors properly.

app/Http/Kernel.php

@@ -46,7 +46,6 @@ class Kernel extends HttpKernel
         'login.throttling'   => 'CachetHQ\Cachet\Http\Middleware\LoginThrottling',
         'app.isSetup'        => 'CachetHQ\Cachet\Http\Middleware\AppIsSetup',
         'app.hasSetting'     => 'CachetHQ\Cachet\Http\Middleware\HasSetting',
-        'allowedDomains'     => 'CachetHQ\Cachet\Http\Middleware\AllowedDomains',
         'cors'               => 'CachetHQ\Cachet\Http\Middleware\Cors',
     ];
 }

app/Http/Middleware/AllowedDomains.php

@@ -1,49 +0,0 @@
-<?php
-
-/*
- * This file is part of Cachet.
- *
- * (c) James Brooks <james@cachethq.io>
- * (c) Joseph Cohen <joseph.cohen@dinkbit.com>
- * (c) Graham Campbell <graham@mineuk.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace CachetHQ\Cachet\Http\Middleware;
-
-use CachetHQ\Cachet\Facades\Setting;
-use Closure;
-
-class AllowedDomains
-{
-    /**
-     * Run the allowed domains middleware.
-     *
-     * @param \Illuminate\Http\Request $request
-     * @param \Closure                 $next
-     *
-     * @return mixed
-     */
-    public function handle($request, Closure $next)
-    {
-        $response = $next($request);
-
-        // Always allow our own domain.
-        $ourDomain = Setting::get('app_domain');
-        $response->headers->set('Access-Control-Allow-Origin', $ourDomain);
-
-        // Should we allow anyone else?
-        if ($allowedDomains = Setting::get('allowed_domains')) {
-            $domains = explode(',', $allowedDomains);
-            foreach ($domains as $domain) {
-                $response->headers->set('Access-Control-Allow-Origin', $domain);
-            }
-        } else {
-            $response->headers->set('Access-Control-Allow-Origin', getenv('APP_URL'));
-        }
-
-        return $response;
-    }
-}

app/Http/Routes/ApiRoutes.php

@@ -25,7 +25,6 @@ class ApiRoutes
     public function map(Registrar $router)
     {
         $router->group([
-            'middleware' => 'allowedDomains',
             'namespace'  => 'Api',
             'prefix'     => 'api/v1',
         ], function ($router) {