Merge pull request #1207 from ArthurHoaro/feature/cors

Add CORS headers to REST API responses
This commit is contained in:
ArthurHoaro 2018-09-20 23:34:59 +02:00 committed by GitHub
commit 4adeffd7f4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1859,6 +1859,7 @@ function install($conf, $sessionManager, $loginManager) {
})->add('\Shaarli\Api\ApiMiddleware');
$response = $app->run(true);
// Hack to make Slim and Shaarli router work together:
// If a Slim route isn't found and NOT API call, we call renderPage().
if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
@ -1866,5 +1867,12 @@ function install($conf, $sessionManager, $loginManager) {
header('Content-Type: text/html; charset=utf-8');
renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager);
} else {
$response = $response
->withHeader('Access-Control-Allow-Origin', '*')
->withHeader(
'Access-Control-Allow-Headers',
'X-Requested-With, Content-Type, Accept, Origin, Authorization'
)
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
$app->respond($response);
}