Laravel

How to overcome CORS correctly?

There are two applications: a vue.js client and a laravel backend. They work on the same machine and are distributed over different domains, the backend is cool on client.my (openserver), and the client is on localhost: 9000 (nodejs)
On the server side there is a middleware that allows cross-domain requests for all api requests.

public function handle($request, Closure $next)
  {
    \Debugbar::disable();
    header('Access-Control-Allow-Origin: *');
    return $next($request);
  }

In the client side, I send a request to api/cart/contacts using vue-resource (action in vuex)

addContacts ({ commit, state }, contacts) {
    Vue.http.options.emulateJSON = true
    Vue.http.options.emulateHTTP = true
    let data = JSON.stringify(contacts)
    Vue.http.post('http://client.my/api/cart/add_contacts', {contacts: data}).then(response => {
      console.log(123)
    }, response => {
      // error callback
    })
  },

Everything is OK - the data is sent and the promise is fulfilled, but after that I send a request to api/cart/complete

completeOrder ({ commit }) {
    /*
      Отпрвляем завершенный заказ на сервер
    */
    Vue.http.options.emulateJSON = true
    Vue.http.options.emulateHTTP = true
    Vue.http.post('http://client.my/api/cart/complete').then(response => {
     // Очистка корзины
      commit('set', { type: 'cart', items: [] })
    }, response => {
      // error callback
    })
  },

An error pops up

Failed to load client.my/api/cart/complete: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' localhost:9000 ' is therefore not allowed access.

Both methods (both contacts and complete) do not return anything and work without errors 100% Tried to just leave them empty, the first one goes through normally, the second unfolds.
Client
https://github.com/slowdream/client_vue/tree/master/src
Backend
https://github.com/slowdream/client