From: ArthurHoaro Date: Mon, 13 Aug 2018 10:21:10 +0000 (+0200) Subject: Add CORS headers to REST API responses X-Git-Tag: v0.10.3~2^2~17^2 X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=5d9bc40d7e48b8ac4829f9101f85b849d9199fa3;p=github%2Fshaarli%2FShaarli.git Add CORS headers to REST API responses Fixes #1174 --- diff --git a/index.php b/index.php index 4b86a3e2..9c1e4999 100644 --- a/index.php +++ b/index.php @@ -1858,6 +1858,7 @@ $app->group('/api/v1', function() { })->add('\Shaarli\Api\ApiMiddleware'); $response = $app->run(true); + // Hack to make Slim and Shaarli router work together: // If a Slim route isn't found and NOT API call, we call renderPage(). if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) { @@ -1865,5 +1866,12 @@ if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v header('Content-Type: text/html; charset=utf-8'); renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager); } else { + $response = $response + ->withHeader('Access-Control-Allow-Origin', '*') + ->withHeader( + 'Access-Control-Allow-Headers', + 'X-Requested-With, Content-Type, Accept, Origin, Authorization' + ) + ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); $app->respond($response); }