From 662079cedf62811dac08b5212c67343291a95eb6 Mon Sep 17 00:00:00 2001 From: "DESKTOP-GBA0BK8\\Admin" Date: Tue, 18 Apr 2023 11:31:55 -0400 Subject: [PATCH] cors allowded --- www-api/app/Filters/Cors.php | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/www-api/app/Filters/Cors.php b/www-api/app/Filters/Cors.php index 64f306d1..a4ac18dc 100644 --- a/www-api/app/Filters/Cors.php +++ b/www-api/app/Filters/Cors.php @@ -25,6 +25,36 @@ class Cors implements FilterInterface */ public function before(RequestInterface $request, $arguments = null) { + + if (array_key_exists('HTTP_ORIGIN', $_SERVER)) { + $origin = $_SERVER['HTTP_ORIGIN']; + } else if (array_key_exists('HTTP_REFERER', $_SERVER)) { + $origin = $_SERVER['HTTP_REFERER']; + } else { + $origin = $_SERVER['REMOTE_ADDR']; + } + $allowed_domains = array( + 'http://localhost:9082/', + 'https://users.wrenchboard.com/', + ); + + + if (in_array($origin, $allowed_domains)) { + header('Access-Control-Allow-Origin: ' . $origin); + } + + header("Access-Control-Allow-Headers: Origin, X-API-KEY, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Allow-Headers, Authorization, observe, enctype, Content-Length, X-Csrf-Token"); + header("Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS"); + header("Access-Control-Allow-Credentials: true"); + header("Access-Control-Max-Age: 3600"); + header('content-type: application/json; charset=utf-8'); + $method = $_SERVER['REQUEST_METHOD']; + if ($method == "OPTIONS") { + header("HTTP/1.1 200 OK CORS"); + die(); + } + + /* header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Headers: X-API-KEY, Origin,X-Requested-With, Content-Type, Accept, Access-Control-Requested-Method, Authorization"); header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PATCH, PUT, DELETE"); @@ -32,6 +62,7 @@ class Cors implements FilterInterface if($method == "OPTIONS"){ die(); } + */ } /**