aboutsummaryrefslogtreecommitdiffhomepage
path: root/index.php
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2018-08-13 12:21:10 +0200
committerArthurHoaro <arthur@hoa.ro>2018-08-13 12:21:10 +0200
commit5d9bc40d7e48b8ac4829f9101f85b849d9199fa3 (patch)
tree12512f16bbb0c970b8f3314ce44e9c051f40f45e /index.php
parent5de61c2ca74e1c43ebcd4aa2664d3b8875e3b712 (diff)
downloadShaarli-5d9bc40d7e48b8ac4829f9101f85b849d9199fa3.tar.gz
Shaarli-5d9bc40d7e48b8ac4829f9101f85b849d9199fa3.tar.zst
Shaarli-5d9bc40d7e48b8ac4829f9101f85b849d9199fa3.zip
Add CORS headers to REST API responses
Fixes #1174
Diffstat (limited to 'index.php')
-rw-r--r--index.php8
1 files changed, 8 insertions, 0 deletions
diff --git a/index.php b/index.php
index 4b86a3e2..9c1e4999 100644
--- a/index.php
+++ b/index.php
@@ -1858,6 +1858,7 @@ $app->group('/api/v1', function() {
1858})->add('\Shaarli\Api\ApiMiddleware'); 1858})->add('\Shaarli\Api\ApiMiddleware');
1859 1859
1860$response = $app->run(true); 1860$response = $app->run(true);
1861
1861// Hack to make Slim and Shaarli router work together: 1862// Hack to make Slim and Shaarli router work together:
1862// If a Slim route isn't found and NOT API call, we call renderPage(). 1863// If a Slim route isn't found and NOT API call, we call renderPage().
1863if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) { 1864if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v1') === false) {
@@ -1865,5 +1866,12 @@ if ($response->getStatusCode() == 404 && strpos($_SERVER['REQUEST_URI'], '/api/v
1865 header('Content-Type: text/html; charset=utf-8'); 1866 header('Content-Type: text/html; charset=utf-8');
1866 renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager); 1867 renderPage($conf, $pluginManager, $linkDb, $history, $sessionManager, $loginManager);
1867} else { 1868} else {
1869 $response = $response
1870 ->withHeader('Access-Control-Allow-Origin', '*')
1871 ->withHeader(
1872 'Access-Control-Allow-Headers',
1873 'X-Requested-With, Content-Type, Accept, Origin, Authorization'
1874 )
1875 ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
1868 $app->respond($response); 1876 $app->respond($response);
1869} 1877}