more fixes

config/cors.php

@@ -0,0 +1,34 @@
+<?php
+
+return [
+    /*
+    |--------------------------------------------------------------------------
+    | Cross-Origin Resource Sharing (CORS) Configuration
+    |
+    | This file configures CORS for the application. Toggle CORS on/off using
+    | the `CP_ENABLE_CORS` environment variable. When disabled the `paths`
+    | array is empty and the CORS middleware will not apply to any routes.
+    |--------------------------------------------------------------------------
+    */
+
+    'paths' => env('CP_ENABLE_CORS', true)
+        ? [
+            'api/*',
+            'sanctum/csrf-cookie',
+        ]
+        : [],
+
+    'allowed_methods' => ['*'],
+
+    'allowed_origins' => ['*'],
+
+    'allowed_origins_patterns' => [],
+
+    'allowed_headers' => ['*'],
+
+    'exposed_headers' => [],
+
+    'max_age' => 0,
+
+    'supports_credentials' => false,
+];