mirror of
https://git.code.sf.net/p/seeddms/code
synced 2024-11-26 15:32:13 +00:00
add support for cors
parent
fd7cca239a
commit
5dcafd65ce
|
@ -20,6 +20,25 @@ if(USE_PHP_SESSION) {
|
|||
exit;
|
||||
$dms->setUser($userobj);
|
||||
} else {
|
||||
$headers = apache_request_headers();
|
||||
if($settings->_apiOrigin && isset($headers['Origin'])) {
|
||||
$origins = explode(',', $settings->_apiOrigin);
|
||||
if(!in_array($headers['Origin'], $origins)) {
|
||||
http_response_code(403);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
if(isset($headers['Authorization']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) {
|
||||
if($settings->_apiKey == $headers['Authorization']) {
|
||||
if(!($userobj = $dms->getUser($settings->_apiUserId))) {
|
||||
http_response_code(403);
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
http_response_code(403);
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
require_once("../inc/inc.ClassSession.php");
|
||||
$session = new SeedDMS_Session($db);
|
||||
if (isset($_COOKIE["mydms_session"])) {
|
||||
|
@ -50,6 +69,7 @@ if(USE_PHP_SESSION) {
|
|||
}
|
||||
$dms->setUser($userobj);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
require "vendor/autoload.php";
|
||||
|
@ -2034,12 +2054,22 @@ function clearFolderAccessList($request, $response, $args) { /* {{{ */
|
|||
} /* }}} */
|
||||
|
||||
function echoData($request, $response) { /* {{{ */
|
||||
echo $request->getBody();
|
||||
return $response->withJson(array('success'=>true, 'message'=>'This is the result of the echo call.', 'data'=>''), 200);
|
||||
} /* }}} */
|
||||
|
||||
//$app = new Slim(array('mode'=>'development', '_session.handler'=>null));
|
||||
$app = new \Slim\App();
|
||||
|
||||
// Make CORS preflighted request possible
|
||||
$app->options('/{routes:.+}', function ($request, $response, $args) {
|
||||
return $response;
|
||||
});
|
||||
$app->add(function ($req, $res, $next) {
|
||||
$response = $next($req, $res);
|
||||
return $response
|
||||
->withHeader('Access-Control-Allow-Origin', $req->getHeader('Origin'))
|
||||
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
|
||||
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');
|
||||
});
|
||||
// use post for create operation
|
||||
// use get for retrieval operation
|
||||
// use put for update operation
|
||||
|
@ -2104,7 +2134,7 @@ $app->post('/categories', 'createCategory');
|
|||
$app->put('/categories/{id}/name', 'changeCategoryName');
|
||||
$app->get('/attributedefinitions', 'getAttributeDefinitions');
|
||||
$app->put('/attributedefinitions/{id}/name', 'changeAttributeDefinitionName');
|
||||
$app->any('/echo', 'echoData');
|
||||
$app->get('/echo', 'echoData');
|
||||
$app->run();
|
||||
|
||||
?>
|
||||
|
|
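Review bot: The API key check added in the first hunk, `if($settings->_apiKey == $headers['Authorization'])`, uses PHP's loose `==`, which compares two numeric-looking strings as numbers and is not constant-time, so it is the wrong primitive for a shared secret. Replace it with `if(hash_equals((string)$settings->_apiKey, (string)$headers['Authorization'])) {`. In the origin check just above it, pass `true` as the third argument to `in_array()` and trim the entries produced by `explode(',', $settings->_apiOrigin)`, so a configured list written as "a, b" still matches. Separately, the middleware in the third hunk copies the request's `Origin` into `Access-Control-Allow-Origin` without consulting `$settings->_apiOrigin`, so every origin is reflected when that setting is empty, and probably also on the `USE_PHP_SESSION` path, whose origin handling is not visible here. It would be safer to emit the header only for an allowlisted origin and to add `Vary: Origin` so caches do not serve one origin's response to another.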