From e38237aa0c20ee505363588fdec89624acc30a92 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <nukeawhale@gmail.com>
Date: Mon, 2 Sep 2013 14:18:30 +0200
Subject: still trying to fix cors

---
 external/newsapi.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'external')

diff --git a/external/newsapi.php b/external/newsapi.php
index 1457ec048..2400041cb 100644
--- a/external/newsapi.php
+++ b/external/newsapi.php
@@ -79,8 +79,14 @@ class NewsAPI extends Controller {
 	 */
 	public function cors() {
 		// needed for webapps access due to cross origin request policy
+		if(array_key_exists('Origin', $this->request->server)) {
+			$allowed = $this->request->server['Origin'];
+		} else {
+			$allowed = '*';
+		}
+
 		$response = new Response();
-		$response->addHeader('Access-Control-Allow-Origin', $this->request->server['Origin']);
+		$response->addHeader('Access-Control-Allow-Origin', $allowed);
 		$response->addHeader('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE');
 		$response->addHeader('Access-Control-Allow-Credentials', 'true');
 		$response->addHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type');
-- 
cgit v1.2.3