diff options
author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-08-28 23:09:07 +0200 |
---|---|---|
committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-08-28 23:09:07 +0200 |
commit | 9e2975c629265befdd425346ed4080d200343ce4 (patch) | |
tree | 6f7ce5e65c4fd761ca365dc765a2b8ab930c900a | |
parent | 2f67340e551b12dce8824381c3291bb2137857cb (diff) |
add cors for API
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | appinfo/routes.php | 8 | ||||
-rw-r--r-- | external/newsapi.php | 19 | ||||
-rw-r--r-- | tests/unit/external/NewsAPITest.php | 18 |
4 files changed, 46 insertions, 0 deletions
@@ -2,6 +2,7 @@ owncloud-news (1.401) * Add possibility to hook up article enhancers which fetch article content directly from the web page * Add article enhancer for explosm.net to directly fetch comics * Possible backwards incompatible change by using the link provided by simplepie instead of the user for the url hash. This prevents duplication of the feed when adding a slightly different feed url which points to the same feed and allows a speedup from O(n) to O(1) for article enhanchers +* Add an option route for the API which handles the CORS headers to allow webapplications to access the API owncloud-news (1.206) * Also handle URLErrors in updater script that are thrown when the domain of a feed is not found diff --git a/appinfo/routes.php b/appinfo/routes.php index a61eb33b0..c50f13fc1 100644 --- a/appinfo/routes.php +++ b/appinfo/routes.php @@ -275,6 +275,14 @@ $this->create('news_api_folders_read', '/api/v1-2/folders/{folderId}/read')->put /** * Feed API */ + +$this->create('news_api_cors', '/api/v1-2/{path}')->method('options')->action( + function($params) { + return App::main('NewsAPI', 'cors', $params, new DIContainer()); + } +)->requirements(array('path', '.+')); + + $this->create('news_api_feeds_get_all', '/api/v1-2/feeds')->get()->action( function($params) { return App::main('FeedAPI', 'getAll', $params, new DIContainer()); diff --git a/external/newsapi.php b/external/newsapi.php index 07b87f040..8a9dfc2e5 100644 --- a/external/newsapi.php +++ b/external/newsapi.php @@ -29,6 +29,7 @@ use \OCA\AppFramework\Core\API; use \OCA\AppFramework\Controller\Controller; use \OCA\AppFramework\Http\Request; use \OCA\AppFramework\Http\JSONResponse; +use \OCA\AppFramework\Http\Response; use \OCA\News\Utility\Updater; @@ -65,4 +66,22 @@ class NewsAPI extends Controller { $this->updater->cleanUp(); } + + /** + * @IsAdminExemption + * @IsSubAdminExemption + * @CSRFExemption + * @IsLoggedInExemption + * @Ajax + */ + public function cors() { + // needed for webapps access due to cross origin request policy + $response = new Response(); + $response->addHeader('Access-Control-Allow-Origin', '*'); + $response->addHeader('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE'); + $response->addHeader('Access-Control-Allow-Credentials', 'true'); + return $response; + } + + } diff --git a/tests/unit/external/NewsAPITest.php b/tests/unit/external/NewsAPITest.php index e350f455f..dae2eb43f 100644 --- a/tests/unit/external/NewsAPITest.php +++ b/tests/unit/external/NewsAPITest.php @@ -91,4 +91,22 @@ class NewsAPITest extends ControllerTestUtility { } + public function testCorsAnnotations(){ + $annotations = array('IsAdminExemption', 'IsSubAdminExemption', + 'Ajax', 'CSRFExemption', 'IsLoggedInExemption'); + $this->assertAnnotations($this->newsAPI, 'cors', $annotations); + } + + + public function testCors() { + $response = $this->newsAPI->cors(); + + $headers = $response->getHeaders(); + + $this->assertEquals('*', $headers['Access-Control-Allow-Origin']); + $this->assertEquals('PUT, POST, GET, DELETE', $headers['Access-Control-Allow-Methods']); + $this->assertEquals('true', $headers['Access-Control-Allow-Credentials']); + } + + } |