still trying to fix cors

author: Bernhard Posselt <nukeawhale@gmail.com> 2013-09-02 14:34:58 +0200
committer: Bernhard Posselt <nukeawhale@gmail.com> 2013-09-02 14:34:58 +0200
commit: e3512c977a7c4f05207bb312f97dafd1e50f62ed (patch)
tree: 2674b19e8beba5c518147dcb6f424230b03c5dd4 /middleware
parent: e38237aa0c20ee505363588fdec89624acc30a92 (diff)
1 files changed, 6 insertions, 7 deletions
diff --git a/middleware/corsmiddleware.php b/middleware/corsmiddleware.php
index 7bde0a891..e0d3e23ad 100644
--- a/middleware/corsmiddleware.php
+++ b/middleware/corsmiddleware.php
@@ -52,15 +52,14 @@ class CORSMiddleware extends Middleware {
 	public function afterController($controller, $methodName, Response $response){
 		$annotationReader = new MethodAnnotationReader($controller, $methodName);
 
-		if(array_key_exists('Origin', $this->request->server)) {
-			$allowed = $this->request->server['Origin'];
-		} else {
-			$allowed = '*';
-		}
+		// only react if its an API request and if the request sends origin
+		if(array_key_exists('Origin', $this->request->server) &&
+			$annotationReader->hasAnnotation('API')) {
 
-		if($annotationReader->hasAnnotation('API')) {
-			$response->addHeader('Access-Control-Allow-Origin', $allowed);
+			$origin = $this->request->server['Origin'];
+			$response->addHeader('Access-Control-Allow-Origin', $origin);
 			$response->addHeader('Access-Control-Allow-Credentials', 'true');
+			
 		}
 		return $response;
 	}
author	Bernhard Posselt <nukeawhale@gmail.com>	2013-09-02 14:34:58 +0200
committer	Bernhard Posselt <nukeawhale@gmail.com>	2013-09-02 14:34:58 +0200
commit	e3512c977a7c4f05207bb312f97dafd1e50f62ed (patch)
tree	2674b19e8beba5c518147dcb6f424230b03c5dd4 /middleware
parent	e38237aa0c20ee505363588fdec89624acc30a92 (diff)