diff options
author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-09-02 14:34:58 +0200 |
---|---|---|
committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-09-02 14:34:58 +0200 |
commit | e3512c977a7c4f05207bb312f97dafd1e50f62ed (patch) | |
tree | 2674b19e8beba5c518147dcb6f424230b03c5dd4 /middleware | |
parent | e38237aa0c20ee505363588fdec89624acc30a92 (diff) |
still trying to fix cors
Diffstat (limited to 'middleware')
-rw-r--r-- | middleware/corsmiddleware.php | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/middleware/corsmiddleware.php b/middleware/corsmiddleware.php index 7bde0a891..e0d3e23ad 100644 --- a/middleware/corsmiddleware.php +++ b/middleware/corsmiddleware.php @@ -52,15 +52,14 @@ class CORSMiddleware extends Middleware { public function afterController($controller, $methodName, Response $response){ $annotationReader = new MethodAnnotationReader($controller, $methodName); - if(array_key_exists('Origin', $this->request->server)) { - $allowed = $this->request->server['Origin']; - } else { - $allowed = '*'; - } + // only react if its an API request and if the request sends origin + if(array_key_exists('Origin', $this->request->server) && + $annotationReader->hasAnnotation('API')) { - if($annotationReader->hasAnnotation('API')) { - $response->addHeader('Access-Control-Allow-Origin', $allowed); + $origin = $this->request->server['Origin']; + $response->addHeader('Access-Control-Allow-Origin', $origin); $response->addHeader('Access-Control-Allow-Credentials', 'true'); + } return $response; } |