support jwt+cors

mevdschee · mevdschee · commit dc9ba7d1fa6b · 2018-10-11T23:59:58.000+02:00
diff --git a/api.php b/api.php
@@ -3117,7 +3117,7 @@ public function handle(Request $request): Response
             $response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);
         } elseif ($method == 'OPTIONS') {
             $response = new Response(Response::OK, '');
-            $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN');
+            $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN, X-Authorization');
             if ($allowHeaders) {
                 $response->addHeader('Access-Control-Allow-Headers', $allowHeaders);
             }
diff --git a/examples/clients/auth0/vanilla.html b/examples/clients/auth0/vanilla.html
@@ -2,14 +2,14 @@
 <head>
 <meta charset="utf-8" /> 
 <script>
-var domain = ''; // hostname ending in '.auth0.com'
+var authUrl = 'https://php-crud-api.auth0.com/authorize'; // hostname ending in '.auth0.com'
 var clientId = ''; // client id as defined in auth0
 var audience = ''; // api audience as defined in auth0
 window.onload = function () {
     var match = RegExp('[#&]access_token=([^&]*)').exec(window.location.hash);
     var accessToken = match && decodeURIComponent(match[1].replace(/\+/g, ' '));
     if (!accessToken) {
-        document.location = 'https://'+domain+'/authorize?audience='+audience+'&response_type=token&client_id='+clientId+'&redirect_uri='+document.location.href;
+        document.location = authUrl+'?audience='+audience+'&response_type=token&client_id='+clientId+'&redirect_uri='+document.location.href;
     } else {
         document.location.hash = '';
         var req = new XMLHttpRequest();
diff --git a/src/Tqdev/PhpCrudApi/Middleware/CorsMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/CorsMiddleware.php
@@ -32,7 +32,7 @@ public function handle(Request $request): Response
             $response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);
         } elseif ($method == 'OPTIONS') {
             $response = new Response(Response::OK, '');
-            $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN');
+            $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN, X-Authorization');
             if ($allowHeaders) {
                 $response->addHeader('Access-Control-Allow-Headers', $allowHeaders);
             }

Original file line number	Diff line number	Diff line change
`@@ -3117,7 +3117,7 @@ public function handle(Request $request): Response`
`3117`	`3117`	`$response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);`
`3118`	`3118`	`} elseif ($method == 'OPTIONS') {`
`3119`	`3119`	`$response = new Response(Response::OK, '');`
`3120`		`- $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN');`
	`3120`	`+ $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN, X-Authorization');`
`3121`	`3121`	`if ($allowHeaders) {`
`3122`	`3122`	`$response->addHeader('Access-Control-Allow-Headers', $allowHeaders);`
`3123`	`3123`	`}`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ public function handle(Request $request): Response`
`32`	`32`	`$response = $this->responder->error(ErrorCode::ORIGIN_FORBIDDEN, $origin);`
`33`	`33`	`} elseif ($method == 'OPTIONS') {`
`34`	`34`	`$response = new Response(Response::OK, '');`
`35`		`- $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN');`
	`35`	`+ $allowHeaders = $this->getProperty('allowHeaders', 'Content-Type, X-XSRF-TOKEN, X-Authorization');`
`36`	`36`	`if ($allowHeaders) {`
`37`	`37`	`$response->addHeader('Access-Control-Allow-Headers', $allowHeaders);`
`38`	`38`	`}`