Allowed PUT and DELETE in CORS
@@ -47,12 +47,12 @@ class mfBaseApicontroller {
|
||||
// allow all origins
|
||||
if($this->http_method == "OPTIONS") {
|
||||
// dont execute route, OPTIONS only requires CORS headers
|
||||
header("Access-Control-Allow-Methods: GET,POST,OPTIONS");
|
||||
header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS");
|
||||
header("Access-Control-Allow-Headers: X-Api-Key");
|
||||
|
||||
$this->log->debug("origin header: ".$this->headers['origin']);
|
||||
|
||||
if(preg_match('#^(https?)://(.+)(:\d+)?$#i', $this->headers['origin'], $m)) {
|
||||
if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
|
||||
$origin_proto = $m[1];
|
||||
$origin_hostname = $m[2];
|
||||
header("Access-Control-Allow-Origin: ".$origin_proto."://".$origin_hostname);
|
||||
@@ -312,7 +312,7 @@ class mfBaseApicontroller {
|
||||
}
|
||||
|
||||
private function createCorsHeaders() {
|
||||
header("Access-Control-Allow-Methods: GET,POST,OPTIONS");
|
||||
header("Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS");
|
||||
header("Access-Control-Allow-Headers: X-Api-Key");
|
||||
|
||||
if(!is_array($this->allowed_origins) || !count($this->allowed_origins)) {
|
||||
@@ -327,7 +327,7 @@ class mfBaseApicontroller {
|
||||
|
||||
$request_origin = ["proto" => false, "hostname" => ""];
|
||||
$m = [];
|
||||
if(preg_match('#^(https?)://(.+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
|
||||
if(preg_match('#^(https?)://([^/:]+)(:\d+)?/?$#i', $this->headers['origin'], $m)) {
|
||||
$request_origin['proto'] = $m[1];
|
||||
$request_origin['hostname'] = $m[2];
|
||||
}
|
||||
@@ -339,7 +339,7 @@ class mfBaseApicontroller {
|
||||
$hostname = $origin;
|
||||
|
||||
$m = [];
|
||||
if(preg_match('#^(https?)://(.+)/?$#i', $origin, $m)) {
|
||||
if(preg_match('#^(https?)://([^/]+)/?$#i', $origin, $m)) {
|
||||
$proto = $m[1];
|
||||
$hostname = $m[2];
|
||||
}
|
||||
|
||||
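Review bot: The port matched by `(:\d+)?` is discarded wherever the new pattern is used, so the value echoed by `header("Access-Control-Allow-Origin: ".$origin_proto."://".$origin_hostname);` will not equal the browser's Origin for any non-default port; appending the capture, `.($m[3] ?? '')`, keeps the echoed origin exact. In createCorsHeaders() the request side stores only `$m[2]` as the hostname, while the allowed-origin pattern `([^/]+)` leaves any `:port` inside `$hostname`. If the comparison outside these hunks is by proto and hostname, an allowlisted entry that names a port can never match, and an entry without one matches every port on that host, which is wider than one origin. The branch under `// allow all origins` reflects whatever origin is sent and now advertises PUT and DELETE too, so it should also send `header("Vary: Origin");` unless that is already set elsewhere, to stop a shared cache replaying one origin's preflight answer to another. The enclosing methods start and end outside the visible hunks.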