summaryrefslogtreecommitdiffstats
path: root/middleware
diff options
context:
space:
mode:
Diffstat (limited to 'middleware')
-rw-r--r--middleware/corsmiddleware.php13
1 files changed, 6 insertions, 7 deletions
diff --git a/middleware/corsmiddleware.php b/middleware/corsmiddleware.php
index 7bde0a891..e0d3e23ad 100644
--- a/middleware/corsmiddleware.php
+++ b/middleware/corsmiddleware.php
@@ -52,15 +52,14 @@ class CORSMiddleware extends Middleware {
public function afterController($controller, $methodName, Response $response){
$annotationReader = new MethodAnnotationReader($controller, $methodName);
- if(array_key_exists('Origin', $this->request->server)) {
- $allowed = $this->request->server['Origin'];
- } else {
- $allowed = '*';
- }
+ // only react if its an API request and if the request sends origin
+ if(array_key_exists('Origin', $this->request->server) &&
+ $annotationReader->hasAnnotation('API')) {
- if($annotationReader->hasAnnotation('API')) {
- $response->addHeader('Access-Control-Allow-Origin', $allowed);
+ $origin = $this->request->server['Origin'];
+ $response->addHeader('Access-Control-Allow-Origin', $origin);
$response->addHeader('Access-Control-Allow-Credentials', 'true');
+
}
return $response;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-17 23:15:13 +0000