aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2018-09-20 23:34:59 +0200
committerGitHub <noreply@github.com>2018-09-20 23:34:59 +0200
commit4adeffd7f427580bba6f7656360850d4460c1f1d (patch)
tree2ef89e3edea156bb7f70b393ef1e343ea8a9680c
parenta4fbe88b6d007094fa395b17802e593ecca0588b (diff)
parent5d9bc40d7e48b8ac4829f9101f85b849d9199fa3 (diff)
downloadShaarli-4adeffd7f427580bba6f7656360850d4460c1f1d.tar.gz
Shaarli-4adeffd7f427580bba6f7656360850d4460c1f1d.tar.zst
Shaarli-4adeffd7f427580bba6f7656360850d4460c1f1d.zip
Merge pull request #1207 from ArthurHoaro/feature/cors
Add CORS headers to REST API responses
-rw-r--r--index.php8
1 files changed, 8 insertions, 0 deletions
diff --git a/index.php b/index.php
index eb717536..0ef33633 100644
--- a/index.php
+++ b/index.php
@@ -1859,6 +1859,7 @@ $app->group('/api/v1', function() {
1859})->add('\Shaarli\Api\ApiMiddleware'); 1859})->add('\Shaarli\Api\ApiMiddleware');
1860 1860
1861$response = $app->run(true); 1861$response = $app->run(true);
1862
1862// Hack to make Slim and Shaarli router work together: 1863// Hack to make Slim and Shaarli router work together:
1863// If a Slim route isn't found and NOT API call, we call renderPage(). 1864// If a Slim route isn't found and NOT API call, we call renderPage().
1864if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) { 1865if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
@@ -1866,5 +1867,12 @@ if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v
1866 header('Content-Type: text/html; charset=utf-8'); 1867 header('Content-Type: text/html; charset=utf-8');
1867 renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager); 1868 renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager);
1868} else { 1869} else {
1870 $response = $response
1871 ->withHeader('Access-Control-Allow-Origin', '*')
1872 ->withHeader(
1873 'Access-Control-Allow-Headers',
1874 'X-Requested-With, Content-Type, Accept, Origin, Authorization'
1875 )
1876 ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
1869 $app->respond($response); 1877 $app->respond($response);
1870} 1878}