From ade53322f15a65b19973ba2f180328c829b371b8 Mon Sep 17 00:00:00 2001 From: Frank Schubert Date: Tue, 8 Nov 2022 19:22:28 +0100 Subject: [PATCH] Fixed cors --- application/Api/v1/AddressdbApicontroller.php | 5 +--- lib/mvcfronk/mfBase/mfBaseApicontroller.php | 27 ++++++++++--------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/application/Api/v1/AddressdbApicontroller.php b/application/Api/v1/AddressdbApicontroller.php index 09d4536fd..34c415f21 100644 --- a/application/Api/v1/AddressdbApicontroller.php +++ b/application/Api/v1/AddressdbApicontroller.php @@ -33,10 +33,7 @@ class AddressdbApicontroller extends mfBaseApicontroller { $this->filter_salescluster_ids[] = $campain_scluster->salescluster_id; } - if(!array_key_exists($campain_scluster->salescluster_id, $this->campaigns_by_scluster)) { - $this->campaigns_by_scluster[$campain_scluster->salescluster_id] = []; - } - $this->campaigns_by_scluster[$campain_scluster->salescluster_id][] = $campaign->id; + $this->campaigns_by_scluster[$campain_scluster->salescluster_id] = $campaign->id; } $this->campaigns[$campaign->id] = $campaign; diff --git a/lib/mvcfronk/mfBase/mfBaseApicontroller.php b/lib/mvcfronk/mfBase/mfBaseApicontroller.php index f0d82e60d..1b6c50c0d 100644 --- a/lib/mvcfronk/mfBase/mfBaseApicontroller.php +++ b/lib/mvcfronk/mfBase/mfBaseApicontroller.php @@ -42,21 +42,24 @@ class mfBaseApicontroller { $this->logRequest2(); register_shutdown_function(["mfBaseApicontroller", "return_errors"]); + + // CORS preflight + // allow all origins + if($this->http_method == "OPTIONS") { + // dont execute route, OPTIONS only requires CORS headers + if(preg_match('#^(https?)://(.+)(:\d+)?$#i', $this->headers['origin'], $m)) { + $origin_proto = $m[1]; + $origin_hostname = $m[2]; + header("Access-Control-Allow-Origin: ".$origin_proto."://".$origin_hostname); + $this->return(mfResponse::Ok()); + } + } // run Controllers init() function if(method_exists($this,"init")) { $this->init(); } - // Apicontroller should add allowed hostnames with $this->addAllowedOrigin() - $this->createCorsHeaders(); - - // CORS preflight OPTIONS - if($this->http_method == "OPTIONS") { - // dont execute route, OPTIONS only requires CORS headers - $this->return(mfResponse::Ok()); - } - if($this->requireAuth) { $this->authenticateUser(); if(method_exists($this,"authenticated")) { @@ -64,7 +67,8 @@ class mfBaseApicontroller { } } - + // Apicontroller should add allowed hostnames with $this->addAllowedOrigin() + $this->createCorsHeaders(); // route to action $this->route = $params['apicall'].((array_key_exists("apiparams", $params)) ? $params['apiparams'] : ""); @@ -305,7 +309,7 @@ class mfBaseApicontroller { private function createCorsHeaders() { header("Access-Control-Allow-Methods: GET,POST,OPTIONS"); header("Access-Control-Allow-Headers: X-Api-Key"); - //var_dump($this->headers);exit; + if(!is_array($this->allowed_origins) || !count($this->allowed_origins)) { return true; } @@ -323,7 +327,6 @@ class mfBaseApicontroller { $request_origin['hostname'] = $m[2]; } - //var_dump($request_origin);exit; foreach($this->allowed_origins as $origin) { //echo $origin." -> ".$_SERVER["HTTP_HOST"];