mirrors/shlink
1
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2025-03-14 04:00:57 +03:00
Code Issues Projects Releases Packages Wiki Activity

Improved CrossDomainMiddleware by allowing the same origin that was requested

Browse source
This commit is contained in:
Alejandro Celaya 2016-07-19 22:38:14 +02:00
parent 839329d627
commit e28e984278
1 changed files with 6 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
module/Rest/src/Middleware/CrossDomainMiddleware.php
View file

@ -41,18 +41,17 @@ class CrossDomainMiddleware implements MiddlewareInterface
}
// Add Allow-Origin header
$response = $response->withHeader('Access-Control-Allow-Origin', '*');
$response = $response->withHeader('Access-Control-Allow-Origin', $request->getHeader('Origin'));
if ($request->getMethod() !== 'OPTIONS') {
return $response;
}
// Add OPTIONS-specific headers
$headers = [
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS', // TODO Should be based on path
'Access-Control-Max-Age' => '1000',
'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'),
];
foreach ($headers as $key => $value) {
foreach ([
'Access-Control-Allow-Methods' => 'GET, POST, PUT, DELETE, OPTIONS', // TODO Should be based on path
'Access-Control-Max-Age' => '1000',
'Access-Control-Allow-Headers' => $request->getHeaderLine('Access-Control-Request-Headers'),
] as $key => $value) {
$response = $response->withHeader($key, $value);
}