From 92ad3621dee7963bb68b6732d80700e899ba3638 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Tue, 1 Jun 2021 21:43:36 +1000
Subject: [PATCH] Fixes for CORS

---
 app/Http/Kernel.php          | 1 -
 app/Http/Middleware/Cors.php | 4 ++--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 225aef63ed..86f4356469 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -112,7 +112,6 @@ class Kernel extends HttpKernel
             VerifyCsrfToken::class,
             SubstituteBindings::class,
             QueryLogging::class,
-            Cors::class,
         ],
         'shop' => [
             'throttle:120,1',
diff --git a/app/Http/Middleware/Cors.php b/app/Http/Middleware/Cors.php
index 2a90447a6c..ba26b15720 100644
--- a/app/Http/Middleware/Cors.php
+++ b/app/Http/Middleware/Cors.php
@@ -26,8 +26,8 @@ class Cors
 
         $response->headers->set('Access-Control-Allow-Origin', '*');
         $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
-        $response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range');
-        $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION,X-CSRF-TOKEN,X-LIVEWIRE');
+        $response->headers->set('Access-Control-Allow-Headers', 'X-API-COMPANY-KEY,X-API-SECRET,X-API-TOKEN,X-API-PASSWORD,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-TOKEN,X-LIVEWIRE');
+        $response->headers->set('Access-Control-Expose-Headers', 'X-APP-VERSION,X-MINIMUM-CLIENT-VERSION');
         $response->headers->set('X-APP-VERSION', config('ninja.app_version'));
         $response->headers->set('X-MINIMUM-CLIENT-VERSION', config('ninja.minimum_client_version'));