0👍
Since you have an API for a specific front interface, you can simply set that domain in your barryvdh/laravel-cors config. That will avoid mis-detection of the calling domain.
'supportsCredentials' => false,
'allowedOrigins' => ['example.com'],
'allowedOriginsPatterns' => [],
'allowedHeaders' => ['*'],
'allowedMethods' => ['*'],
'exposedHeaders' => [],
'maxAge' => 0,
You should use a .env variable if you have a production release later.
Source:stackexchange.com