feat(core): try to use native slim cors for api's

flextype/bootstrap.php

@@ -177,6 +177,18 @@ foreach ($shortcodes_extensions as $shortcodes_extension) {
     }
 }
 
+$app->options('/{routes:.+}', function ($request, $response, $args) {
+    return $response;
+});
+
+$app->add(function ($req, $res, $next) {
+    $response = $next($req, $res);
+    return $response
+            ->withHeader('Access-Control-Allow-Origin', '*')
+            ->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
+            ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');
+});
+
 /**
  * Init plugins
  */
@@ -187,6 +199,13 @@ $flextype['plugins']->init($flextype, $app);
  */
 $flextype['themes']->init($flextype, $app);
 
+// Catch-all route to serve a 404 Not Found page if none of the routes match
+// NOTE: make sure this route is defined last
+$app->map(['GET', 'POST', 'PUT', 'DELETE', 'PATCH'], '/{routes:.+}', function($req, $res) {
+    $handler = $this->notFoundHandler; // handle using the default Slim page not found handler
+    return $handler($req, $res);
+});
+
 /**
  * Run application
  */

flextype/middlewares.php

@@ -9,14 +9,7 @@ declare(strict_types=1);
 
 namespace Flextype;
 
-use Tuupola\Middleware\CorsMiddleware;
-
 /**
  * Add middleware CSRF (cross-site request forgery) protection for all routes
  */
 $app->add($flextype->get('csrf'));
-
-/**
- * Add middleware CorsMiddleware for Cross-origin resource sharing.
- */
-$app->add(new CorsMiddleware);