CORS

How does CORS work in Laravel 5?

Hello! I am developing a public API and a client for it in AngularJS. Faced a problem with CORS.
I made this middelwar:

<?php

namespace App\Http\Middleware;

use Closure;

class CorsMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        return $next($request)->header('Access-Control-Allow-Origin' , '*')
            ->header('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD')
            ->header('Access-Control-Allow-Headers', 'Authorization');
    }
}

But I am getting an error:

XMLHttpRequest cannot load http://api.v1.example.local/signup. Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Origin 'http://german-front.local' is therefore not allowed access.

And if you add to .htaccess

<IfModule mod_headers.c>
   Header set Access-Control-Allow-Origin "*"
   Header set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, PATCH, HEAD"
</IfModule>

then everything works. It would seem that it works - let it work. But it is interesting to find out why this is only happening? Who thinks what?
Ps I noticed a strange feature. When OPTIONS is sent, the headers are returned, but the subsequent POST request does not receive the necessary headers..