add cors for API

author: Bernhard Posselt <nukeawhale@gmail.com> 2013-08-28 23:09:07 +0200
committer: Bernhard Posselt <nukeawhale@gmail.com> 2013-08-28 23:09:07 +0200
commit: 9e2975c629265befdd425346ed4080d200343ce4 (patch)
tree: 6f7ce5e65c4fd761ca365dc765a2b8ab930c900a /external
parent: 2f67340e551b12dce8824381c3291bb2137857cb (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/external/newsapi.php b/external/newsapi.php
index 07b87f040..8a9dfc2e5 100644
--- a/external/newsapi.php
+++ b/external/newsapi.php
@@ -29,6 +29,7 @@ use \OCA\AppFramework\Core\API;
 use \OCA\AppFramework\Controller\Controller;
 use \OCA\AppFramework\Http\Request;
 use \OCA\AppFramework\Http\JSONResponse;
+use \OCA\AppFramework\Http\Response;
 
 use \OCA\News\Utility\Updater;
 
@@ -65,4 +66,22 @@ class NewsAPI extends Controller {
 		$this->updater->cleanUp();
 	}
 
+
+	/**
+	 * @IsAdminExemption
+	 * @IsSubAdminExemption
+	 * @CSRFExemption
+	 * @IsLoggedInExemption
+	 * @Ajax
+	 */
+	public function cors() {
+		// needed for webapps access due to cross origin request policy
+		$response = new Response();
+		$response->addHeader('Access-Control-Allow-Origin', '*');
+		$response->addHeader('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE');
+		$response->addHeader('Access-Control-Allow-Credentials', 'true');
+		return $response;
+	}
+
+
 }
author	Bernhard Posselt <nukeawhale@gmail.com>	2013-08-28 23:09:07 +0200
committer	Bernhard Posselt <nukeawhale@gmail.com>	2013-08-28 23:09:07 +0200
commit	9e2975c629265befdd425346ed4080d200343ce4 (patch)
tree	6f7ce5e65c4fd761ca365dc765a2b8ab930c900a /external
parent	2f67340e551b12dce8824381c3291bb2137857cb (diff)