From 9ca0587189d6d2926db42573f8f22a4bd55ccb1a Mon Sep 17 00:00:00 2001 From: flashwave Date: Fri, 2 Feb 2024 21:18:59 +0000 Subject: [PATCH] Fixed file delete path not supplying the CORS headers. the way CORS is implemented genuinely makes no fucking sense --- src/Uploads/UploadsRoutes.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/Uploads/UploadsRoutes.php b/src/Uploads/UploadsRoutes.php index 562d570..a068d30 100644 --- a/src/Uploads/UploadsRoutes.php +++ b/src/Uploads/UploadsRoutes.php @@ -194,6 +194,12 @@ class UploadsRoutes implements IRouteHandler { #[Route('DELETE', '/uploads/:fileid')] public function deleteUpload($response, $request, string $fileId) { + if($request->hasHeader('Origin')) + $response->setHeader('Access-Control-Allow-Credentials', 'true'); + + $response->setHeader('Access-Control-Allow-Headers', 'Authorization'); + $response->setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET, DELETE'); + if(!$this->authInfo->isLoggedIn()) return 401;