authorBernhard Posselt <nukeawhale@gmail.com>2013-09-02 14:16:50 +0200
committerBernhard Posselt <nukeawhale@gmail.com>2013-09-02 14:16:50 +0200
commit41e5ac53af522fec4891c7d37ae98e48cfad159a (patch)
treedb0fae1125cf2f5d0d8747f04f589a38f7d37068
parentd795483ef5d3230c7841b93285e57f7996549722 (diff)
still trying to fix cors
-rw-r--r--dependencyinjection/dicontainer.php2
-rw-r--r--external/newsapi.php2
-rw-r--r--middleware/corsmiddleware.php9
3 files changed, 10 insertions, 3 deletions
diff --git a/dependencyinjection/dicontainer.php b/dependencyinjection/dicontainer.php
index 650a402e2..4d0d2d7ad 100644
--- a/dependencyinjection/dicontainer.php
+++ b/dependencyinjection/dicontainer.php
@@ -335,7 +335,7 @@ class DIContainer extends BaseContainer {
});
$this['CORSMiddleware'] = $this->share(function($c){
- return new CORSMiddleware();
+ return new CORSMiddleware($c['Request']);
});
}
diff --git a/external/newsapi.php b/external/newsapi.php
index 4a463ec9e..1457ec048 100644
--- a/external/newsapi.php
+++ b/external/newsapi.php
@@ -80,7 +80,7 @@ class NewsAPI extends Controller {
public function cors() {
// needed for webapps access due to cross origin request policy
$response = new Response();
- $response->addHeader('Access-Control-Allow-Origin', $request->server['Origin']);
+ $response->addHeader('Access-Control-Allow-Origin', $this->request->server['Origin']);
$response->addHeader('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE');
$response->addHeader('Access-Control-Allow-Credentials', 'true');
$response->addHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type');
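Review bot: In `cors()`, the request's `Origin` value is echoed straight into `Access-Control-Allow-Origin` while `Access-Control-Allow-Credentials` is `'true'`, so every origin is granted credentialed cross-origin access to the API. The same reflection is kept in the `afterController` hunk of `middleware/corsmiddleware.php`. Emit the header only for origins on a configured allowlist, for example `if (in_array($origin, $allowedOrigins, true)) { $response->addHeader('Access-Control-Allow-Origin', $origin); }`, where `$allowedOrigins` is a placeholder for a setting this page does not show, and add `$response->addHeader('Vary', 'Origin');` so caches do not reuse one origin's response for another. Unlike the middleware, this line reads `server['Origin']` without an `array_key_exists` check, so a request without that key raises an undefined-index notice. The body of `cors()` continues past the end of the hunk.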
diff --git a/middleware/corsmiddleware.php b/middleware/corsmiddleware.php
index ef9fe2e5a..7bde0a891 100644
--- a/middleware/corsmiddleware.php
+++ b/middleware/corsmiddleware.php
@@ -51,8 +51,15 @@ class CORSMiddleware extends Middleware {
*/
public function afterController($controller, $methodName, Response $response){
$annotationReader = new MethodAnnotationReader($controller, $methodName);
+
+ if(array_key_exists('Origin', $this->request->server)) {
+ $allowed = $this->request->server['Origin'];
+ } else {
+ $allowed = '*';
+ }
+
if($annotationReader->hasAnnotation('API')) {
- $response->addHeader('Access-Control-Allow-Origin', $request->server['Origin']);
+ $response->addHeader('Access-Control-Allow-Origin', $allowed);
$response->addHeader('Access-Control-Allow-Credentials', 'true');
}
return $response;
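Review bot: The new `else` branch sets `$allowed = '*'`, but the `API` branch still sends `Access-Control-Allow-Credentials: true`, and browsers reject a wildcard origin on credentialed responses, so the fallback cannot work as a permissive default. When no origin is present, skip both headers instead, for example by changing the condition to `if($annotationReader->hasAnnotation('API') && array_key_exists('Origin', $this->request->server)) {`. If `server` mirrors `$_SERVER`, the header would normally appear under `HTTP_ORIGIN` rather than `Origin`, which would make the fallback the usual path; confirm this against the Request class. The constructor that stores `$this->request` is not in this diff, so it is worth checking that it accepts the argument now passed in `dicontainer.php`.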