tests

src/Http/JsonResponseFactory.php

@@ -13,10 +13,11 @@ use Nyholm\Psr7\Response;
  */
 class JsonResponseFactory
 {
+
     /**
      * Create a JSON response with the given data and status code.
      *
-     * @param array $data The data to include in the response.
+     * @param mixed $data The data to include in the response.
      * @param int $statusCode The HTTP status code for the response.
      * @return Response The JSON response.
      * @throws \JsonException
@@ -31,4 +32,4 @@ class JsonResponseFactory
             body: json_encode($data, JSON_THROW_ON_ERROR)
         );
     }
-}
+}

src/Http/Middleware/CorsMiddleware.php

@@ -40,7 +40,7 @@ class CorsMiddleware implements MiddlewareInterface
 
         $allowOrigin = in_array($origin, $allowedOrigins, true)
             ? $origin
-            : 'null';
+            : null;
 
         if ($request->getMethod() === 'OPTIONS') {
             $response = new Response(204);
@@ -48,6 +48,10 @@ class CorsMiddleware implements MiddlewareInterface
             $response = $handler->handle($request);
         }
 
+        if ($allowOrigin === null) {
+            return $response; // Do not add CORS headers if origin is not allowed.
+        }
+
         $response = $response
             ->withHeader('Access-Control-Allow-Origin', $allowOrigin)
             ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS')
@@ -61,8 +65,9 @@ class CorsMiddleware implements MiddlewareInterface
             $response = $response->withHeader('Access-Control-Allow-Credentials', 'true');
         }
 
-        $maxAge = Config::get('CORS_MAX_AGE') !== 3600 ? Config::get('CORS_MAX_AGE') : 3600;
+        $maxAge = Config::get('cors.max_age') ?: '86400'; // Use correct configuration key.
 
         return $response->withHeader('Access-Control-Max-Age', $maxAge);
     }
 }
+