CORS headers for auth

mevdschee · mevdschee · commit 42e5f8aecd37 · 2017-02-12T23:44:01.000+01:00
diff --git a/api.php b/api.php
@@ -2292,21 +2292,20 @@ protected function swagger($settings) {
 	}
 
 	protected function allowOrigin($origin,$allowOrigins) {
-		if ($allowOrigins=='*') {
-			header('Access-Control-Allow-Origin: *');
-		} else {
-			if ($origin) foreach (explode(',',$allowOrigins) as $o) {
-				if (preg_match('/^'.str_replace('\*','.*',preg_quote(strtolower(trim($o)))).'$/',$origin)) { 
-					header('Access-Control-Allow-Origin: '.$origin);
-					break;
-				}
+		if ($origin) foreach (explode(',',$allowOrigins) as $o) {
+			if (preg_match('/^'.str_replace('\*','.*',preg_quote(strtolower(trim($o)))).'$/',$origin)) { 
+				header('Access-Control-Allow-Origin: '.$origin);
+				break;
 			}
+		} else {
+			header('Access-Control-Allow-Origin: *');
 		}
 	}
 
 	public function executeCommand() {
 		if (isset($_SERVER['REQUEST_METHOD'])) {
 			$this->allowOrigin($this->settings['origin'],$this->settings['allow_origin']);
+			header('Access-Control-Allow-Credentials: true');
 		}
 		if (!$this->settings['request']) {
 			$this->swagger($this->settings);

Original file line number	Diff line number	Diff line change
`@@ -2292,21 +2292,20 @@ protected function swagger($settings) {`
`2292`	`2292`	`}`
`2293`	`2293`
`2294`	`2294`	`protected function allowOrigin($origin,$allowOrigins) {`
`2295`		`- if ($allowOrigins=='*') {`
`2296`		`- header('Access-Control-Allow-Origin: *');`
`2297`		`- } else {`
`2298`		`- if ($origin) foreach (explode(',',$allowOrigins) as $o) {`
`2299`		`- if (preg_match('/^'.str_replace('\','.',preg_quote(strtolower(trim($o)))).'$/',$origin)) {`
`2300`		`- header('Access-Control-Allow-Origin: '.$origin);`
`2301`		`- break;`
`2302`		`- }`
	`2295`	`+ if ($origin) foreach (explode(',',$allowOrigins) as $o) {`
	`2296`	`+ if (preg_match('/^'.str_replace('\','.',preg_quote(strtolower(trim($o)))).'$/',$origin)) {`
	`2297`	`+ header('Access-Control-Allow-Origin: '.$origin);`
	`2298`	`+ break;`
`2303`	`2299`	`}`
	`2300`	`+ } else {`
	`2301`	`+ header('Access-Control-Allow-Origin: *');`
`2304`	`2302`	`}`
`2305`	`2303`	`}`
`2306`	`2304`
`2307`	`2305`	`public function executeCommand() {`
`2308`	`2306`	`if (isset($_SERVER['REQUEST_METHOD'])) {`
`2309`	`2307`	`$this->allowOrigin($this->settings['origin'],$this->settings['allow_origin']);`
	`2308`	`+ header('Access-Control-Allow-Credentials: true');`
`2310`	`2309`	`}`
`2311`	`2310`	`if (!$this->settings['request']) {`
`2312`	`2311`	`$this->swagger($this->settings);`