diff options
author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-09-02 14:09:33 +0200 |
---|---|---|
committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-09-02 14:09:33 +0200 |
commit | 7a50fcebe62581614f6e5441f11adbc314d465ac (patch) | |
tree | 9efc70267f0919a7326ae0189e0398c1745a9202 | |
parent | 358b3445c647f94373023f669e1b7620bc983d71 (diff) |
trying to fix cors
-rw-r--r-- | external/newsapi.php | 5 | ||||
-rw-r--r-- | middleware/corsmiddleware.php | 10 |
2 files changed, 10 insertions, 5 deletions
diff --git a/external/newsapi.php b/external/newsapi.php index 388cdd116..2b250f5b4 100644 --- a/external/newsapi.php +++ b/external/newsapi.php @@ -80,13 +80,10 @@ class NewsAPI extends Controller { public function cors() { // needed for webapps access due to cross origin request policy $response = new Response(); - $response->setStatus(Http::STATUS_UNAUTHORIZED); $response->addHeader('Access-Control-Allow-Origin', '*'); $response->addHeader('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE'); $response->addHeader('Access-Control-Allow-Credentials', 'true'); - $response->addHeader('Access-Control-Allow-Headers', 'Authorization'); - $response->addHeader('Access-Control-Max-Age', '1728000'); - $response->addHeader('WWW-Authenticate', 'Basic realm="ownCloud News"'); + $response->addHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type'); return $response; } diff --git a/middleware/corsmiddleware.php b/middleware/corsmiddleware.php index 8e4c5b4a0..ef9fe2e5a 100644 --- a/middleware/corsmiddleware.php +++ b/middleware/corsmiddleware.php @@ -24,12 +24,20 @@ namespace OCA\News\Middleware; +use OCA\AppFramework\Http\Request; use OCA\AppFramework\Http\Response; use OCA\AppFramework\Middleware\Middleware; use OCA\AppFramework\Utility\MethodAnnotationReader; + class CORSMiddleware extends Middleware { + private $request; + + public function __construct(Request $request) { + $this->request = $request; + } + /** * This is being run after a successful controllermethod call and allows @@ -44,7 +52,7 @@ class CORSMiddleware extends Middleware { public function afterController($controller, $methodName, Response $response){ $annotationReader = new MethodAnnotationReader($controller, $methodName); if($annotationReader->hasAnnotation('API')) { - $response->addHeader('Access-Control-Allow-Origin', '*'); + $response->addHeader('Access-Control-Allow-Origin', $request->server['Origin']); $response->addHeader('Access-Control-Allow-Credentials', 'true'); } return $response; |