From e3512c977a7c4f05207bb312f97dafd1e50f62ed Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <nukeawhale@gmail.com>
Date: Mon, 2 Sep 2013 14:34:58 +0200
Subject: still trying to fix cors

---
 middleware/corsmiddleware.php | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'middleware')

diff --git a/middleware/corsmiddleware.php b/middleware/corsmiddleware.php
index 7bde0a891..e0d3e23ad 100644
--- a/middleware/corsmiddleware.php
+++ b/middleware/corsmiddleware.php
@@ -52,15 +52,14 @@ class CORSMiddleware extends Middleware {
 	public function afterController($controller, $methodName, Response $response){
 		$annotationReader = new MethodAnnotationReader($controller, $methodName);
 
-		if(array_key_exists('Origin', $this->request->server)) {
-			$allowed = $this->request->server['Origin'];
-		} else {
-			$allowed = '*';
-		}
+		// only react if its an API request and if the request sends origin
+		if(array_key_exists('Origin', $this->request->server) &&
+			$annotationReader->hasAnnotation('API')) {
 
-		if($annotationReader->hasAnnotation('API')) {
-			$response->addHeader('Access-Control-Allow-Origin', $allowed);
+			$origin = $this->request->server['Origin'];
+			$response->addHeader('Access-Control-Allow-Origin', $origin);
 			$response->addHeader('Access-Control-Allow-Credentials', 'true');
+			
 		}
 		return $response;
 	}
-- 
cgit v1.2.3