diff options
author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-09-02 14:18:30 +0200 |
---|---|---|
committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-09-02 14:18:30 +0200 |
commit | e38237aa0c20ee505363588fdec89624acc30a92 (patch) | |
tree | d79bb5adee679b13af7b023316872642514d38f5 /external/newsapi.php | |
parent | 41e5ac53af522fec4891c7d37ae98e48cfad159a (diff) |
still trying to fix cors
Diffstat (limited to 'external/newsapi.php')
-rw-r--r-- | external/newsapi.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/external/newsapi.php b/external/newsapi.php index 1457ec048..2400041cb 100644 --- a/external/newsapi.php +++ b/external/newsapi.php @@ -79,8 +79,14 @@ class NewsAPI extends Controller { */ public function cors() { // needed for webapps access due to cross origin request policy + if(array_key_exists('Origin', $this->request->server)) { + $allowed = $this->request->server['Origin']; + } else { + $allowed = '*'; + } + $response = new Response(); - $response->addHeader('Access-Control-Allow-Origin', $this->request->server['Origin']); + $response->addHeader('Access-Control-Allow-Origin', $allowed); $response->addHeader('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE'); $response->addHeader('Access-Control-Allow-Credentials', 'true'); $response->addHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type'); |