From: ArthurHoaro <arthur@hoa.ro>
Date: Thu, 20 Sep 2018 21:34:59 +0000 (+0200)
Subject: Merge pull request #1207 from ArthurHoaro/feature/cors
X-Git-Tag: v0.10.3~2^2~17
X-Git-Url: https://git.immae.eu/?p=github%2Fshaarli%2FShaarli.git;a=commitdiff_plain;h=4adeffd7f427580bba6f7656360850d4460c1f1d;hp=a4fbe88b6d007094fa395b17802e593ecca0588b

Merge pull request #1207 from ArthurHoaro/feature/cors

Add CORS headers to REST API responses
---

diff --git a/index.php b/index.php
index eb717536..0ef33633 100644
--- a/index.php
+++ b/index.php
@@ -1859,6 +1859,7 @@ $app->group('/api/v1', function() {
 })->add('\Shaarli\Api\ApiMiddleware');
 
 $response = $app->run(true);
+
 // Hack to make Slim and Shaarli router work together:
 // If a Slim route isn't found and NOT API call, we call renderPage().
 if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
@@ -1866,5 +1867,12 @@ if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v
     header('Content-Type: text/html; charset=utf-8');
     renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager);
 } else {
+    $response = $response
+        ->withHeader('Access-Control-Allow-Origin', '*')
+        ->withHeader(
+            'Access-Control-Allow-Headers',
+            'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+        )
+        ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
     $app->respond($response);
 }