From 41e5ac53af522fec4891c7d37ae98e48cfad159a Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Mon, 2 Sep 2013 14:16:50 +0200
Subject: still trying to fix cors
---
 dependencyinjection/dicontainer.php | 2 +-
 external/newsapi.php | 2 +-
 middleware/corsmiddleware.php | 9 ++++++++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/dependencyinjection/dicontainer.php b/dependencyinjection/dicontainer.php
index 650a402e2..4d0d2d7ad 100644
--- a/dependencyinjection/dicontainer.php
+++ b/dependencyinjection/dicontainer.php
@@ -335,7 +335,7 @@ class DIContainer extends BaseContainer {
 });
 $this['CORSMiddleware'] = $this->share(function($c){
- return new CORSMiddleware();
+ return new CORSMiddleware($c['Request']);
 });
 }
diff --git a/external/newsapi.php b/external/newsapi.php
index 4a463ec9e..1457ec048 100644
--- a/external/newsapi.php
+++ b/external/newsapi.php
@@ -80,7 +80,7 @@ class NewsAPI extends Controller {
 public function cors() {
 // needed for webapps access due to cross origin request policy
 $response = new Response();
- $response->addHeader('Access-Control-Allow-Origin', $request->server['Origin']);
+ $response->addHeader('Access-Control-Allow-Origin', $this->request->server['Origin']);
 $response->addHeader('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE');
 $response->addHeader('Access-Control-Allow-Credentials', 'true');
 $response->addHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type');
diff --git a/middleware/corsmiddleware.php b/middleware/corsmiddleware.php
index ef9fe2e5a..7bde0a891 100644
--- a/middleware/corsmiddleware.php
+++ b/middleware/corsmiddleware.php
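Review bot: In `NewsAPI::cors()` the new line echoes whatever `Origin` the client sent into `Access-Control-Allow-Origin` while `Access-Control-Allow-Credentials: true` is also set, so any website can make authenticated cross-origin calls on behalf of a logged-in user and read the responses; the `afterController` hunk in `middleware/corsmiddleware.php` does the same for every `API`-annotated method. The origin should be compared against a configured list of trusted origins and the two headers sent only on a match, together with `Vary: Origin` so caches do not reuse a response across origins. The index is also read without the existence check that `afterController` adds, so a request without that key raises an undefined-index notice. `cors()` continues past the end of the hunk.

```php
	public function cors() {
		// … unchanged: comment and $response construction …
		$server = $this->request->server;
		$origin = array_key_exists('Origin', $server) ? $server['Origin'] : null;
		// $trustedOrigins: placeholder for the configured list of allowed origins
		if($origin !== null && in_array($origin, $trustedOrigins, true)) {
			$response->addHeader('Access-Control-Allow-Origin', $origin);
			$response->addHeader('Access-Control-Allow-Credentials', 'true');
			$response->addHeader('Vary', 'Origin');
		}
		// … unchanged: Access-Control-Allow-Methods and Access-Control-Allow-Headers …
```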
@@ -51,8 +51,15 @@ class CORSMiddleware extends Middleware { */ public function afterController($controller, $methodName, Response $response){ $annotationReader = new MethodAnnotationReader($controller, $methodName); + + if(array_key_exists('Origin', $this->request->server)) { + $allowed = $this->request->server['Origin']; + } else { + $allowed = '*'; + } + if($annotationReader->hasAnnotation('API')) { - $response->addHeader('Access-Control-Allow-Origin', $request->server['Origin']); + $response->addHeader('Access-Control-Allow-Origin', $allowed); $response->addHeader('Access-Control-Allow-Credentials', 'true'); } return $response; -- cgit v1.2.3
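Review bot: The `'*'` fallback in `afterController` is still sent alongside `Access-Control-Allow-Credentials: true`, and browsers refuse a credentialed response whose allowed origin is the wildcard, so that branch cannot make the request succeed. When no origin is present it is simpler to add neither header, e.g. set `$allowed = null;` in the else branch and guard both `addHeader` calls with `if($allowed !== null && $annotationReader->hasAnnotation('API')) {`. If `server` wraps `$_SERVER`, which the hunk does not show, PHP exposes the request header under `HTTP_ORIGIN`, so the `'Origin'` lookup would never match and the fallback would always be taken; this is worth confirming. The closing brace of `afterController` lies outside the hunk.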