Preflight issue in Angular Laravel App when using query string

I'm getting a preflight error on particular endpoint in my Angular - Laravel app:

XMLHttpRequest cannot load http://ift.tt/29gYY02. Response for preflight is invalid (redirect)

When I remove the query params and just return hello from Laravel, it works.

If I return UserQuestion::with(['category', 'explanation'])->get(); from Laravel, I get error:

XMLHttpRequest cannot load http://ift.tt/29hR4jt. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://dde.localhost' is therefore not allowed access. The response had HTTP status code 500.

This is odd as I am allowing all requests to come through.

Angular:

        var filters = {
            'review[]' : ['yes', 'no'],
            'user_id[]' : [$rootScope.me.id]
        };
        getUserQuestions: function () {
            var qs = $httpParamSerializer(filters);
            return $http({
                method: 'GET',
                url: url + ver + '/userquestions/?' + qs,
                headers: Auth.getOAuthHeader(),
                cache: true
            });
        },

Laravel:

Route::group(['middleware' => 'cors'], function(Router $router) {
    $router->group(['prefix' => App\Http\Controllers\Controller::API_VERSION], function(Router $router) {
        $router->group(['middleware' => 'oauth'], function(Router $router) {

            // ROUTE
            $router->get('/userquestions', 'Resources\UserQuestions@getUserQuestions');

Controller:

public function getUserQuestions(Request $request)
{
    return 'hello';
}

Laravel BarryDVH CORS:

CORS.php middleware:

public function handle($request, Closure $next)
{
    return $next($request)->header('Access-Control-Allow-Origin' , '*')
        ->header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE')
        ->header('Access-Control-Allow-Headers', 'Content-Type, Accept, Authorization, X-Requested-With');
}

CORS config:

return [
    'supportsCredentials' => false,
    'allowedOrigins' => ['*'],
    'allowedHeaders' => ['*'],
    'allowedMethods' => ['GET', 'POST', 'PUT',  'DELETE'],
    'exposedHeaders' => [],
    'maxAge' => 0,
    'hosts' => [],
];

I also thought it may also be due to preflight options set by Angular, so I removed those in app.config:

    $httpProvider.defaults.useXDomain = true;
    $httpProvider.defaults.headers.common = {};
    $httpProvider.defaults.headers.post = {};
    $httpProvider.defaults.headers.put = {};
    $httpProvider.defaults.headers.patch = {};

This only seems to be happening on this route, so I am totally stumped as to why it's happening.

via Chebli Mohamed