['api', 'api/', 'api/*', 'sanctum/csrf-cookie', 'broadcasting/*'], 'allowed_methods' => ['*'], 'allowed_origins' => $cors_origin, 'allowed_origins_patterns' => [], 'allowed_headers' => ['*'], 'exposed_headers' => [], 'max_age' => 86400, 'supports_credentials' => true, ];