rs-backend/middleware/CorsHeader.php

<?php
	use \Psr\Http\Message\{
		ServerRequestInterface,
		ResponseInterface
	};

	class CorsHeader {
		public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) {

			$method = $_SERVER['REQUEST_METHOD'];
			$origin = $_SERVER['HTTP_ORIGIN'];

			if(in_array($origin, ['http://localhost:8080', 'https://vv.ecconia.de'])) {
				header('Access-Control-Allow-Origin: ' . $origin);
				header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
				header('Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range');

				if($method == 'OPTIONS') {
					header('Access-Control-Max-Age: 1728000');
					header('Content-Type: text/plain charset=UTF-8');
					header('Content-Length: 0');

					return $response->withStatus(204);
				}
			}

			return $next($request, $response);
		}
	}