gistfile1.txt

$app->before(function(Request $request, Application $app) {
    $pathInfo = $request->getPathInfo();

    $openRoutes = [
        '/v1/auth/login',
    ];

    if(in_array($pathInfo, $openRoutes)) {
        return true;
    }

    $token = $request->headers->get('Authorization');

    $guardian = $app['guardian'];

    $validToken = $guardian->validateToken($token);

    if (!$validToken) {
        return new JsonResponse('Acesso negado', HttpCodes::UNAUTHORIZED);
    }

    $app['ClientToken'] = strval($validToken);
});

$app->after(function(Request $request, Response $response, Application $app) {
    if(isset($app['ClientToken'])) {
        $response->headers->set('ClientToken', $app['ClientToken']);
    }

//    $response->headers->set('Access-Control-Allow-Origin', '*');
    $response->headers->set('Access-Control-Allow-Origin', 'http://localhost:8080');
    $response->headers->set('Access-Control-Allow-Origin', 'http://localhost:8100');
    $response->headers->set('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
});