OilfieldToolsNet/shlink
4
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2025-02-25 18:45:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Improved CrossDomainMiddleware by allowing the same origin that was requested

Browse Source
This commit is contained in:
Alejandro Celaya 2016-07-19 22:38:14 +02:00
parent 839329d627
commit e28e984278
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
module/Rest/src/Middleware/CrossDomainMiddleware.php
View File

@ -41,18 +41,17 @@ class CrossDomainMiddleware implements MiddlewareInterface
} }
// Add Allow-Origin header // Add Allow-Origin header
$response = $response->withHeader('Access-Control-Allow-Origin', '*'); $response = $response->withHeader('Access-Control-Allow-Origin', $request->getHeader('Origin'));
if ($request->getMethod() !== 'OPTIONS') { if ($request->getMethod() !== 'OPTIONS') {
return $response; return $response;
} }
// Add OPTIONS-specific headers // Add OPTIONS-specific headers
$headers = [ foreach ([
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS', // TODO Should be based on path 'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS', // TODO Should be based on path
'Access-Control-Max-Age' => '1000', 'Access-Control-Max-Age' => '1000',
'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'), 'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'),
]; ] as $key => $value) {
foreach ($headers as $key => $value) {
$response = $response->withHeader($key, $value); $response = $response->withHeader($key, $value);
} }