//I always use an easy method. Just add below lines to \public\index.php file.
//You don't have to use a middleware I think.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS');

Create a simple middleware called Cors:
php artisan make:middleware Cors
Add the following code to app/Http/Middleware/Cors.php:
public function handle($request, Closure $next)
{ return $next($request) ->header('Access-Control-Allow-Origin', '*') ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS') ->header('Access-Control-Allow-Headers', 'Origin, Content-Type, Accept, Authorization, X-Request-With');
}
You can replace the * with localhost or keep it as it is.
Next step is to load the middleware. Add the following line to the $routeMiddleware array in app/Http/Kernel.php.
'cors' => \App\Http\Middleware\Cors::class,
And the final step is to use the middleware on the routes to which you want to set the access origin headers. Assuming you are talking about the new api routes in laravel 5.3, the place to do it is app/Providers/RouteServiceProvider.php, inside the mapApiRoutes() function (you can remove or comment the previous code of the function): Route::group([ 'middleware' => ['api', 'cors'], 'namespace' => $this->namespace, 'prefix' => 'api', ], function ($router) { //Add you routes here, for example: Route::apiResource('/posts','PostController'); });

composer require fruitcake/laravel-cors

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]