Merge remote-tracking branch 'origin/release' into release

@@ -3,6 +3,7 @@
 namespace App\Http;
 
 use App\Http\Middleware\AuthIdentifier;
+use Fruitcake\Cors\HandleCors;
 use Illuminate\Foundation\Http\Kernel as HttpKernel;
 
 class Kernel extends HttpKernel
@@ -17,7 +18,7 @@ class Kernel extends HttpKernel
     protected $middleware = [
         // \App\Http\Middleware\TrustHosts::class,
         \App\Http\Middleware\TrustProxies::class,
-        \Fruitcake\Cors\HandleCors::class,
+        HandleCors::class,
         \App\Http\Middleware\PreventRequestsDuringMaintenance::class,
         \Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
         \App\Http\Middleware\TrimStrings::class,

@@ -4,31 +4,57 @@ return [
 
     /*
     |--------------------------------------------------------------------------
-    | Cross-Origin Resource Sharing (CORS) Configuration
+    | Laravel CORS Options
     |--------------------------------------------------------------------------
     |
-    | Here you may configure your settings for cross-origin resource sharing
-    | or "CORS". This determines what cross-origin operations may execute
-    | in web browsers. You are free to adjust these settings as needed.
+    | The allowed_methods and allowed_headers options are case-insensitive.
     |
-    | To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
+    | You don't need to provide both allowed_origins and allowed_origins_patterns.
+    | If one of the strings passed matches, it is considered a valid origin.
+    |
+    | If ['*'] is provided to allowed_methods, allowed_origins or allowed_headers
+    | all methods / origins / headers are allowed.
     |
     */
 
-    'paths' => ['api/*', 'sanctum/csrf-cookie'],
+    /*
+     * You can enable CORS for 1 or multiple paths.
+     * Example: ['api/*']
+     */
+    'paths' => ['api/*', 'release/*'],
 
+    /*
+    * Matches the request method. `['*']` allows all methods.
+    */
     'allowed_methods' => ['*'],
 
+    /*
+     * Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com`
+     */
     'allowed_origins' => ['*'],
 
+    /*
+     * Patterns that can be used with `preg_match` to match the origin.
+     */
     'allowed_origins_patterns' => [],
 
+    /*
+     * Sets the Access-Control-Allow-Headers response header. `['*']` allows all headers.
+     */
     'allowed_headers' => ['*'],
 
+    /*
+     * Sets the Access-Control-Expose-Headers response header with these headers.
+     */
     'exposed_headers' => [],
 
+    /*
+     * Sets the Access-Control-Max-Age response header when > 0.
+     */
     'max_age' => 0,
 
+    /*
+     * Sets the Access-Control-Allow-Credentials header.
+     */
     'supports_credentials' => false,
-
 ];

@@ -2,8 +2,6 @@
 
 use Illuminate\Support\Facades\Route;
 
-header("Access-Control-Allow-Origin: *");
-
 /*
 |--------------------------------------------------------------------------
 | API Routes