['api/*', 'sanctum/csrf-cookie'], 'allowed_methods' => $allowedMethods === [] ? ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'] : $allowedMethods, 'allowed_origins' => $allowedOrigins === [] ? ['http://localhost', 'http://127.0.0.1'] : $allowedOrigins, 'allowed_origins_patterns' => [], 'allowed_headers' => $allowedHeaders === [] ? ['Content-Type', 'Authorization', 'X-Requested-With'] : $allowedHeaders, 'exposed_headers' => [], 'max_age' => 0, 'supports_credentials' => (bool) env('CORS_SUPPORTS_CREDENTIALS', false), ];