DomainTenantFinder executes before CORS middleware

[gssj85]

We have created a custom DomainTenantFinder which run some validations and may throw custom exceptions with error messages.

The problem I'm facing is a CORS missing allow origin because DomainTenantFinder runs before even the global middlewares.

Even on routes without the tenant middleware DomainTenantFinder always runs and always before everything else, this is making hard to work with our current logic.

I have some solutions like moving the validations to another service and executing the validations after tenant is set and maybe validating directly on the route the header (we use a header to set the tenant) is a valid code to not search the landlord database for invalid values, but I'm not sure if even the validations set directly in the api route file will run before DomainTenantFinder.

One solution is to manually set CORS headers at public/index.php and disable the middleware (otherwise it will duplicate the CORS headers) but I really would like to figure out how to control when DomainTenantFinder is called, it seems not right to be called before the global middlewares and when I have a route that doesn't have any tenant middleware on it.

I'm using Laravel 9 and "spatie/laravel-multitenancy": "^3.0",

Any help or guidance is welcome.

[masterix21]

https://laravel.com/docs/11.x/middleware#sorting-middleware

[gssj85]

I ended up making DomainTenantFinder always return null and moved the logic to a middleware, also had to add in the priority array before auth.

I still don't like the fact that DomainTenantFinder always run there's no control over