getMethod()) === 'OPTIONS') { return $this->withCorsHeaders(new Response(204)); } $response = $next($request); // Controllers respondem de forma síncrona (Response), mas o FrameworkX // também aceita Promise. Tratamos ambos para anexar os headers de CORS. if ($response instanceof PromiseInterface) { return $response->then(fn (ResponseInterface $resolved): ResponseInterface => $this->withCorsHeaders($resolved)); } return $this->withCorsHeaders($response); } private function withCorsHeaders(ResponseInterface $response): ResponseInterface { return $response ->withHeader('Access-Control-Allow-Origin', '*') ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, DELETE, OPTIONS') ->withHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization') ->withHeader('Access-Control-Max-Age', '86400'); } }