diff options
-rw-r--r-- | external/newsapi.php | 2 | ||||
-rw-r--r-- | middleware/corsmiddleware.php | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/external/newsapi.php b/external/newsapi.php index 2ecd7e974..067334008 100644 --- a/external/newsapi.php +++ b/external/newsapi.php @@ -79,7 +79,7 @@ class NewsAPI extends Controller { */ public function cors() { // needed for webapps access due to cross origin request policy - if(array_key_exists('Origin', $this->request->server)) { + if(isset($this->request->server['Origin'])) { $origin = $this->request->server['Origin']; } else { $origin = '*'; diff --git a/middleware/corsmiddleware.php b/middleware/corsmiddleware.php index e0d3e23ad..187696de6 100644 --- a/middleware/corsmiddleware.php +++ b/middleware/corsmiddleware.php @@ -53,13 +53,13 @@ class CORSMiddleware extends Middleware { $annotationReader = new MethodAnnotationReader($controller, $methodName); // only react if its an API request and if the request sends origin - if(array_key_exists('Origin', $this->request->server) && + if(isset($this->request->server['Origin']) && $annotationReader->hasAnnotation('API')) { $origin = $this->request->server['Origin']; $response->addHeader('Access-Control-Allow-Origin', $origin); $response->addHeader('Access-Control-Allow-Credentials', 'true'); - + } return $response; } |