Yes you can specify * for the origin. Otherwise you would need to know the origin of each device / network before they tried to connect.

You can also try https://github.com/barryvdh/laravel-cors

• works, but not with basic auth. You can however also just return the requested host. ( $_SERVER['HTTP_ORIGIN'] or $request->headers->get('Origin') )

Go with barry's package because it worked wonders for me, you can also do the dirty and set your headers with PHP header in the route but I don't recommend that. Create your own auth.customname filter to do what you need to do for CORS like hashsalting, like Barryvdh said it's not going to work because it stores your session under that domain only.

Here's a package you can salt with, I'm kinda doing my own thing called auth.fb it's custom to auth with facebook.

http://docs.toddish.co.uk/verify-l4/

barryvdh said:

You can also try https://github.com/barryvdh/laravel-cors

• works, but not with basic auth. You can however also just return the requested host. ( $_SERVER['HTTP_ORIGIN'] or $request->headers->get('Origin') )

Rock on barry, I like your solution much better and it works will with 4.1 I also found it handy because of the flexibility you added to specifically change headers based on exact paths or catch all.