diff options
Diffstat (limited to 'middleware/corsmiddleware.php')
-rw-r--r-- | middleware/corsmiddleware.php | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/middleware/corsmiddleware.php b/middleware/corsmiddleware.php index 7bde0a891..e0d3e23ad 100644 --- a/middleware/corsmiddleware.php +++ b/middleware/corsmiddleware.php @@ -52,15 +52,14 @@ class CORSMiddleware extends Middleware { public function afterController($controller, $methodName, Response $response){ $annotationReader = new MethodAnnotationReader($controller, $methodName); - if(array_key_exists('Origin', $this->request->server)) { - $allowed = $this->request->server['Origin']; - } else { - $allowed = '*'; - } + // only react if its an API request and if the request sends origin + if(array_key_exists('Origin', $this->request->server) && + $annotationReader->hasAnnotation('API')) { - if($annotationReader->hasAnnotation('API')) { - $response->addHeader('Access-Control-Allow-Origin', $allowed); + $origin = $this->request->server['Origin']; + $response->addHeader('Access-Control-Allow-Origin', $origin); $response->addHeader('Access-Control-Allow-Credentials', 'true'); + } return $response; } |