Added cors filters

This commit is contained in:
DESKTOP-GBA0BK8\Admin
2023-04-18 19:44:05 -04:00
parent 3884bbf561
commit 00396b8e17
2 changed files with 4 additions and 25 deletions
+1 -22
View File
@@ -253,26 +253,6 @@ class WrenchApi extends BaseController
return $in;
}
public function apigate(){
if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
$origin = $_SERVER['HTTP_ORIGIN'];
} else if (array_key_exists('HTTP_REFERER', $_SERVER)) {
$origin = $_SERVER['HTTP_REFERER'];
} else {
$origin = $_SERVER['REMOTE_ADDR'];
}
$allowed_domains = array(
'http://localhost:9082/',
'https://users.wrenchboard.com/',
);
if (in_array($origin, $allowed_domains)) {
header('Access-Control-Allow-Origin: ' . $origin);
}
/*
//$request = service('request');
header('Access-Control-Allow-Origin: *');
//header("Access-Control-Allow-Origin: http://localhost:9057 ");
header('Access-Control-Expose-Headers: Access-Control-Allow-Origin');
@@ -280,7 +260,7 @@ class WrenchApi extends BaseController
//header("Access-Control-Allow-Headers: Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With");
header('Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS');
header('Content-type: application/json');
*/
//$request = service('request');
// what is the endpoint
$uri = urldecode(current_url(true));
$findme = '?';
@@ -289,7 +269,6 @@ class WrenchApi extends BaseController
$uri = substr($uri, 0, $pos);
}
log_message('critical', "API-GATE URI -> ".$uri );
$pieces = explode('/', $uri);
$psc = count($pieces);
+3 -3
View File
@@ -25,7 +25,6 @@ class Cors implements FilterInterface
*/
public function before(RequestInterface $request, $arguments = null)
{
if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
$origin = $_SERVER['HTTP_ORIGIN'];
} else if (array_key_exists('HTTP_REFERER', $_SERVER)) {
@@ -36,13 +35,14 @@ class Cors implements FilterInterface
$allowed_domains = array(
'http://localhost:9082/',
'https://users.wrenchboard.com/',
'http://localhost:9083/',
'http://10.204.5.100:9082/',
'http://10.204.5.100:9083/',
);
if (in_array($origin, $allowed_domains)) {
header('Access-Control-Allow-Origin: ' . $origin);
}
header("Access-Control-Allow-Headers: Origin, X-API-KEY, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Allow-Headers, Authorization, observe, enctype, Content-Length, X-Csrf-Token");
header("Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS");
header("Access-Control-Allow-Credentials: true");