Route::filter('access-control', function($route, $request, $response)
public function __construct()
A more Laravel way of setting the header would be to define a Route filter and modify the response there.
I recently update my laravel-cors package so you might want to check it again.
But setting the Access-Control-Allow-Origin: * header directly (with the response object) also works, it just doesn't check for allowed hosts, headers and methods etc.
I would avoid using the header() function directly. Also, you are setting the headers both in Nginx and in Laravel, one would suffice.
Then you can set the afterFilter in your Controller, or attach it to a group of routes in your routes.php file.
or apply it when it matches a pattern: