['api/*', 'sanctum/csrf-cookie'], 'allowed_methods' => ['*'], 'allowed_origins' => ['*'], 'allowed_origins_patterns' => [], 'allowed_headers' => ['*'], 'exposed_headers' => [ 'X-RateLimit-Limit', 'X-RateLimit-Remaining', 'Retry-After', 'X-API-Version', 'X-API-Version-Status', 'Deprecation', 'Sunset', ], 'max_age' => 86400, // 24 hours 'supports_credentials' => false, ];