Because lumen does not allow OPTIONS method and will return status response 405 MethodNotAllowed unless you explicitly add it your routes $app->options('my-route', function(){}), that is why the request do not hit the middleware. in my case this was happening using react and I was stuck for almost one hour trying to figure out what was wrong, until I found this and everything make sense.
But this service provider was not working without adding extra headers apparently the preflight request need this headers in response as well:
- Access-Control-Allow-Origin: *
- Access-Control-Allow-Headers: Content-Type, Origin
Otherwise I would the following errors:
- Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'my-host' is therefore not allowed access.
- Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response
But following this amazing CORS tutorial: http://www.html5rocks.com/en/tutorials/cors/ changed the original files to make them work. Tested in Lumen 5.2