diff options
author | ArthurHoaro <arthur@hoa.ro> | 2018-08-13 12:21:10 +0200 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2018-08-13 12:21:10 +0200 |
commit | 5d9bc40d7e48b8ac4829f9101f85b849d9199fa3 (patch) | |
tree | 12512f16bbb0c970b8f3314ce44e9c051f40f45e | |
parent | 5de61c2ca74e1c43ebcd4aa2664d3b8875e3b712 (diff) | |
download | Shaarli-5d9bc40d7e48b8ac4829f9101f85b849d9199fa3.tar.gz Shaarli-5d9bc40d7e48b8ac4829f9101f85b849d9199fa3.tar.zst Shaarli-5d9bc40d7e48b8ac4829f9101f85b849d9199fa3.zip |
Add CORS headers to REST API responses
Fixes #1174
-rw-r--r-- | index.php | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -1858,6 +1858,7 @@ $app->group('/api/v1', function() { | |||
1858 | })->add('\Shaarli\Api\ApiMiddleware'); | 1858 | })->add('\Shaarli\Api\ApiMiddleware'); |
1859 | 1859 | ||
1860 | $response = $app->run(true); | 1860 | $response = $app->run(true); |
1861 | |||
1861 | // Hack to make Slim and Shaarli router work together: | 1862 | // Hack to make Slim and Shaarli router work together: |
1862 | // If a Slim route isn't found and NOT API call, we call renderPage(). | 1863 | // If a Slim route isn't found and NOT API call, we call renderPage(). |
1863 | if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) { | 1864 | if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) { |
@@ -1865,5 +1866,12 @@ if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v | |||
1865 | header('Content-Type: text/html; charset=utf-8'); | 1866 | header('Content-Type: text/html; charset=utf-8'); |
1866 | renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager); | 1867 | renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager); |
1867 | } else { | 1868 | } else { |
1869 | $response = $response | ||
1870 | ->withHeader('Access-Control-Allow-Origin', '*') | ||
1871 | ->withHeader( | ||
1872 | 'Access-Control-Allow-Headers', | ||
1873 | 'X-Requested-With, Content-Type, Accept, Origin, Authorization' | ||
1874 | ) | ||
1875 | ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS'); | ||
1868 | $app->respond($response); | 1876 | $app->respond($response); |
1869 | } | 1877 | } |