Attempt CORS fixes.
This commit is contained in:
parent
fdd95b96fc
commit
4acbed15f2
4 changed files with 19 additions and 15 deletions
|
|
@ -36,7 +36,7 @@ class EEPROMContext {
|
|||
}
|
||||
|
||||
public function createRouting(bool $isApiDomain): RoutingContext {
|
||||
$routingCtx = new RoutingContext;
|
||||
$routingCtx = new RoutingContext($this->config->scopeTo('cors'));
|
||||
$routingCtx->register($this->database);
|
||||
|
||||
$routingCtx->register($uploadsViewsRoutes = new Uploads\UploadsViewRoutes(
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ use Index\Http\Routing\{HttpRouter,Router,RouteHandler};
|
|||
class RoutingContext {
|
||||
private HttpRouter $router;
|
||||
|
||||
public function __construct() {
|
||||
public function __construct(private Config $config) {
|
||||
$this->router = new HttpRouter(
|
||||
errorHandler: new EEPROMErrorHandler,
|
||||
);
|
||||
|
|
@ -17,7 +17,23 @@ class RoutingContext {
|
|||
|
||||
private function middleware($response, $request) {
|
||||
$response->setPoweredBy('EEPROM');
|
||||
$response->setHeader('Access-Control-Allow-Origin', '*');
|
||||
|
||||
if($request->hasHeader('Origin')) {
|
||||
$origin = $request->getHeaderLine('Origin');
|
||||
$response->setHeader('Access-Control-Allow-Origin', $origin);
|
||||
$response->setHeader('Vary', 'Origin');
|
||||
$host = parse_url($origin, PHP_URL_HOST);
|
||||
if(is_string($host)) {
|
||||
$host = '.' . $host;
|
||||
$allowCookieOrigins = $this->config->getArray('origins');
|
||||
foreach($allowCookieOrigins as $allowCookieOrigin)
|
||||
if(str_ends_with($host, '.' . $allowCookieOrigin)) {
|
||||
$response->setHeader('Access-Control-Allow-Credentials', 'true');
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else
|
||||
$response->setHeader('Access-Control-Allow-Origin', '*');
|
||||
}
|
||||
|
||||
public function getRouter(): Router {
|
||||
|
|
|
|||
|
|
@ -22,9 +22,6 @@ class UploadsLegacyRoutes implements RouteHandler {
|
|||
|
||||
#[HttpOptions('/uploads')]
|
||||
public function optionsUpload($response, $request): int {
|
||||
if($request->hasHeader('Origin'))
|
||||
$response->setHeader('Access-Control-Allow-Credentials', 'true');
|
||||
|
||||
$response->setHeader('Access-Control-Allow-Headers', 'Authorization');
|
||||
$response->setHeader('Access-Control-Allow-Methods', 'POST');
|
||||
|
||||
|
|
@ -33,9 +30,6 @@ class UploadsLegacyRoutes implements RouteHandler {
|
|||
|
||||
#[HttpPost('/uploads')]
|
||||
public function postUpload($response, $request) {
|
||||
if($request->hasHeader('Origin'))
|
||||
$response->setHeader('Access-Control-Allow-Credentials', 'true');
|
||||
|
||||
if(!$request->isFormContent())
|
||||
return 400;
|
||||
|
||||
|
|
@ -195,9 +189,6 @@ class UploadsLegacyRoutes implements RouteHandler {
|
|||
|
||||
#[HttpDelete('/uploads/([A-Za-z0-9]+|[A-Za-z0-9\-_]{32})')]
|
||||
public function deleteUpload($response, $request, string $uploadId) {
|
||||
if($request->hasHeader('Origin'))
|
||||
$response->setHeader('Access-Control-Allow-Credentials', 'true');
|
||||
|
||||
if(!$this->authCtx->info->authed) {
|
||||
$response->setStatusCode(401);
|
||||
return [
|
||||
|
|
|
|||
|
|
@ -28,9 +28,6 @@ class UploadsViewRoutes implements RouteHandler {
|
|||
#[HttpOptions('/([A-Za-z0-9]+|[A-Za-z0-9\-_]{32})(?:\.([a-z0-9]+))?')]
|
||||
public function optionsUpload($response, $request, string $uploadId, string $uploadVariant = ''): int {
|
||||
if($this->isApiDomain && $uploadVariant === '') {
|
||||
if($request->hasHeader('Origin'))
|
||||
$response->setHeader('Access-Control-Allow-Credentials', 'true');
|
||||
|
||||
$response->setHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type, Content-Length');
|
||||
$response->setHeader('Access-Control-Allow-Methods', 'HEAD, GET, PUT, DELETE');
|
||||
$response->setHeader('Access-Control-Max-Age', '300');
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue