. * */ namespace OCA\News\Middleware; use OCA\AppFramework\Http\Request; use OCA\AppFramework\Http\Response; use OCA\AppFramework\Middleware\Middleware; use OCA\AppFramework\Utility\MethodAnnotationReader; class CORSMiddleware extends Middleware { private $request; public function __construct(Request $request) { $this->request = $request; } /** * This is being run after a successful controllermethod call and allows * the manipulation of a Response object. The middleware is run in reverse order * * @param Controller $controller the controller that is being called * @param string $methodName the name of the method that will be called on * the controller * @param Response $response the generated response from the controller * @return Response a Response object */ public function afterController($controller, $methodName, Response $response){ $annotationReader = new MethodAnnotationReader($controller, $methodName); // only react if its an API request and if the request sends origin if(isset($this->request->server['HTTP_ORIGIN']) && $annotationReader->hasAnnotation('API')) { $origin = $this->request->server['HTTP_ORIGIN']; $response->addHeader('Access-Control-Allow-Origin', $origin); $response->addHeader('Access-Control-Allow-Credentials', 'true'); } return $response; } }