|
|
@@ -10,6 +10,11 @@ class CrossDomain
|
|
|
public function handle($request, Closure $next)
|
|
|
{
|
|
|
header('Access-Control-Allow-Origin: *');
|
|
|
+ header("Access-Control-Allow-Methods:GET, POST, OPTIONS, DELETE");
|
|
|
+ header("Access-Control-Allow-Headers:*");
|
|
|
+ header('Strict-Transport-Security:max-age=180');
|
|
|
+ header('X-Download-Options: noopen');
|
|
|
+ header('X-Permitted-Cross-Domain-Policies: none');
|
|
|
return $next($request);
|
|
|
}
|
|
|
}
|
