still trying to fix cors

author: Bernhard Posselt <nukeawhale@gmail.com> 2013-09-02 14:18:30 +0200
committer: Bernhard Posselt <nukeawhale@gmail.com> 2013-09-02 14:18:30 +0200
commit: e38237aa0c20ee505363588fdec89624acc30a92 (patch)
tree: d79bb5adee679b13af7b023316872642514d38f5
parent: 41e5ac53af522fec4891c7d37ae98e48cfad159a (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/external/newsapi.php b/external/newsapi.php
index 1457ec048..2400041cb 100644
--- a/external/newsapi.php
+++ b/external/newsapi.php
@@ -79,8 +79,14 @@ class NewsAPI extends Controller {
 	 */
 	public function cors() {
 		// needed for webapps access due to cross origin request policy
+		if(array_key_exists('Origin', $this->request->server)) {
+			$allowed = $this->request->server['Origin'];
+		} else {
+			$allowed = '*';
+		}
+
 		$response = new Response();
-		$response->addHeader('Access-Control-Allow-Origin', $this->request->server['Origin']);
+		$response->addHeader('Access-Control-Allow-Origin', $allowed);
 		$response->addHeader('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE');
 		$response->addHeader('Access-Control-Allow-Credentials', 'true');
 		$response->addHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type');
author	Bernhard Posselt <nukeawhale@gmail.com>	2013-09-02 14:18:30 +0200
committer	Bernhard Posselt <nukeawhale@gmail.com>	2013-09-02 14:18:30 +0200
commit	e38237aa0c20ee505363588fdec89624acc30a92 (patch)
tree	d79bb5adee679b13af7b023316872642514d38f5
parent	41e5ac53af522fec4891c7d37ae98e48cfad159a (diff)