getMethod() === 'OPTIONS') { $response = new Response(204); } else { $response = $handler->handle($request); } return $response ->withHeader('Access-Control-Allow-Origin', $origin) ->withHeader('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization') ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS') ->withHeader('Access-Control-Allow-Credentials', 'true'); } }